Hacker working with computer in dark room showing ransomware and ransomops

Ransomware to RansomOps: Why APAC Enterprises are Increasingly Vulnerable

In the Asia Pacific (APAC) region, ransomware has become a prolific and challenging problem for organisations across every industry. The average cost of remediating a ransomware attack has grown by more than US$1 million, with remediation costs, including business downtime, lost orders, operational costs and more, increasing from an average of US$1.16 million in 2020 to US$2.34 million in 2021. In fact, APAC organizations are 80% more likely than the global average to be the target of a cyber-attack.

It’s not only the propensity but the nature of the attacks we need to address, as more cyber criminals are targeting customer and supply chains and taking on Government organisations or huge private companies (such as Kaseya). Earlier this year, Singapore’s Cyber Security Agency (CSA) reported a rise of 154% ransomware cases, affecting small and medium enterprises in sectors such as manufacturing, retail and healthcare. As recently as August 2021, a ransomware attack in the city state affected the personal data and clinical information of over 73,000 patients of a private eye clinic. Additionally, a leading insurer, Tokio Marine Insurance Singapore and tech company Pine Labs fell victim to ransomware attacks in the same month.

Evolution of ransomware a top concern in APAC

In 2021 cyber-criminal groups have acted similarly to a SaaS technology company, in what can be described as Ransom-as-a-Service so they can operationalize attacks and monetize as much as possible.

This has signaled a huge change from traditional ransomware in that these attacks no longer rely on automated malware alone, and as a result aren’t nearly as predictable. Often, we don’t see it until it’s too late, leaving us in a position of needing to first understand and then isolate the attackers within our environment as fast as possible before the malware surfaces. RansomOps is a move away from traditional malware, which is delivered in a much more predictable and automated manner.

Moreover, the pandemic has led to the huge adoption of cloud, and alongside this we’ve seen RansomOps affiliates looking at new ways of targeting via public cloud platforms such as AWS and Azure. This provides attackers an opportunity to move from initial access to ransom at even faster rates than the already swift 8-30 days. In fact, these attacks can be completed within a day.

It’s becoming more obvious every day that we need robust cybersecurity systems and solutions in place, to not only protect our data, but our entire business operations and essentially the livelihoods of our people. With all things in cyber security there is no silver bullet. However, as a starting point, organizations need to have a strong cyber resiliency policy. To achieve this, there needs to be a mindset shift from “if” we get compromised to “when” we get compromised. Once this mindset shift has occurred, then the policy needs to consider people, processes, and technology, ensuring security teams have clear visibility of all assets on the network including cloud and data center infrastructure.

Security best practices for fighting ransomware

A high level of visibility is key to mapping out the attack surfaces that the organisation is exposed to. To be prepared you must make sure that your organisation can identify breaches quickly. This means engaging regularly in stringent exercises that look at security controls, the processes and the procedures that are in place, and identify any gaps. Be sure to patch well and diligently and run the latest security software with a strong strategy on the network and endpoint.

APAC organizations must also invest in training their all staff on cybersecurity continuously. We need to ensure that boards are aware of the risks posed by RansomOps, and what the potential impacts are to the business. Practising how the organization will respond to a ransomware incident through tabletop exercises with all senior staff and board members is an effective method. This will outline the responsibilities that the business has to securing itself for when these incidents occur, and ultimately speed up response times in an actual event.

With a technology partner specializing in threat detection and response, you can break everything down to very detailed attack phases – command and control, reconnaissance, lateral movement – and exfiltration. You can further break this down into specific behaviors in those phases to identify what could potentially be a ransomware incident early on and ensure business as usual. Overall, organizations need to establish a company culture that understands risk, and then implements mitigating technology controls backed by procedures on how to identify, respond and recover from cyber incidents such as RansomOps.