APAC Organisations Among the Top Three Victims of Ransomware Groups

Majority of global ransomware threats in 2022 were concentrated in Asia

 Latest threat intelligence from Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, revealed that Asia Pacific (APAC) faced the majority of global ransomware attacks in 2022 and is among the top victimised regions by ransomware groups, Conti and LockBit. This is according to findings in Trend Micro’s annual report, Rethinking Tactics: 2022 Annual Cybersecurity Report, and latest study, What Decision Makers Need to Know About Ransomware Risk.

The latter warns that although only 10% of ransomware victims pay their extorters, they are enabling attacks on numerous other organisations by doing so. This is something that organisations in Asia should pay attention to, given majority of the ransomware threats in 2022 were concentrated in the region (38.06%). Furthermore, Asia Pacific’s ransomware payment rate stands higher than average, with organisations in the region being a prime target of ransomware groups, Conti and LockBit.

Nilesh Jain, Vice President of Southeast Asia & India at Trend Micro: “Paying off a ransom might seem like a quick way to mitigate risk in the short-term, but in the long run, victimised organisations will only be fuelling the ransomware industry leading to more damage. With our new report on ransomware risk and our annual cybersecurity report, we are attempting to spread awareness of the various costs associated with such a decision and provide an efficient approach for organisations to deal with ransomware attacks.”

Key findings from Trend Micro’s ransomware report include:

• Ransom payment rate in APAC stood a little higher than average at 18.9%. Africa had the highest ransom payment rate (34.8%) while Europe had the lowest (11.1%).
• North America, Europe and APAC were among the top three regions where organisations victimised by ransomware groups Conti and LockBit were located. IT was among the top three target industries for both ransomware groups.
• Within APAC, a closer analysis revealed that Conti had many victimised organisations in predominantly English-speaking countries such as Australia (38.9%), India (16.7%), New Zealand (8.3%), and Singapore (2.8%).

Paying a ransom often resulted in driving up the overall cost of the incident with few other benefits. The 10% of victims that agree to pay usually do so quickly and are generally being forced to pay more per compromise. This report delivers strategic, tactical, operational, and technical threat intelligence, that can be leveraged to compare ransomware groups, estimate risks, and model threat actor behaviors.

However, ransomware is just one of many security issues that continues to plague the region, as threat actors went ‘all in’ to boost profits in 2022.

Key findings from Trend Micro’s annual cybersecurity report include:

• Trend Micro blocked over 14 billion threats in Asia in 2022, inclusive of email threats, business email compromise, URL-related threats. Of this, over 1 billion threats were blocked in Singapore alone.
• Additionally, Trend Micro detected over 2 billion other threats in Asia, inclusive of botnet-related threats and malware. Nearly 90 million of these threats were detected in Singapore alone.
• Asia was top ranked in terms of mobile security issues.

Trend Micro recommends that organisations adopt a platform-based approach to managing the cyber-attack surface, mitigate security skills shortages and coverage gaps, and minimise the costs associated with point solutions. This should cover the following:

• Asset management: Examine assets and determine their criticality, any potential vulnerabilities, the level of threat activity, and how much threat intelligence is being gathered from the asset.
• Cloud security: Ensure that cloud infrastructure is configured with security in mind to prevent attackers from capitalising on known gaps and vulnerabilities.
• Proper security protocols: Prioritise updating software as soon as possible to minimise the exploitation of vulnerabilities. Options such as virtual patching can help organisations until vendors provide official security updates.
• Attack surface visibility: Monitor disparate technologies and networks within the organisation, as well as any security system that protects them. It may be difficult to correlate different data points from siloed sources.