The State of Ransomware Attacks across East and Southeast Asia

Countries in East and Southeast Asia have been targeted with multiple high-profile ransomware attacks over the last 18 months. The attacks have hit companies of all sizes across a disparate range of industries, languages, and territories in the region, as cyber criminals look for a large payday.

Ransomware in East Asia and Southeast Asia: The Statistics

Here are some useful background statistics on the state of ransomware in East and Southeast Asia from various industry reports and surveys:

  • Research found that there was a 168 percent increase in ransomware attacks in the Asia Pacific region when comparing May 2020 with May 2021. This trend reflects a wider global increase in ransomware attacks.
  • A report in Southeast Asia found that ransomware attacks on small to medium-sized businesses in the region actually decreased during 2020. The same report found that Indonesia ranked fifth globally for the number of incidents reported.
  • The proportion of surveyed organizations in different countries willing to pay the ransoms demanded by successful hackers was 57% in Japan and 69% in South Korea.

The numbers show that organizations in East Asia remain attractive targets for ransomware attacks, perhaps due to the larger company sizes in these countries coupled with their relatively high willingness to pay.

Fujifilm, Japan: June 2021

In June 2021, an official statement by the Japanese multinational Fujifilm revealed details of a ransomware attack on its Tokyo headquarters. The attack resulted in Fujifilm taking networks, servers, and IT equipment and systems offline as a precaution.

Subsequent media headlines in the days following the attack reported that the company refused to pay the ransoms demanded by hackers. Instead, Fujifilm relied on backups to restore operations. It’s unclear exactly what family of ransomware was used in the attack on Fujifilm.

AXA, Multiple Countries: May 2021

May 2021 was a bad month for the Asian branch of the multinational insurance company AXA. Russian cybercriminals targeted AXA IT infrastructure in Thailand, Malaysia, Hong Kong, and the Philippines. The criminals informed AXA and the wider public via their own leak site that they stole around 3 terabytes of personal information belonging to AXA customers, which, if true, represents a significant breach of sensitive health information.

The AXA attack appears to be another example of the double extortion technique increasingly favored by hacking groups. By first exfiltrating data from a company’s network and then encrypting files on the network, the double extortion technique blackmails companies into paying hackers not to disclose stolen information.

Multiple Hospitals, Thailand: September 2020

Reflecting a disturbing and widespread trend during the global pandemic, multiple hospitals in Thailand became victims of a ransomware attack that locked their computer systems and data.

The wave of attacks began with an initial attack on a hospital in the central Thai province of Saraburi. With computer systems taken down, staff advised patients to bring any copies or evidence of their old medical records where possible.

Several other Thai hospitals were hit with similar issues in the days following the initial IT compromise at the hospital in Saraburi. Reports suggested some hospitals paid the 1 million Thai baht ($32,000) ransom.

This attack underscored the importance of having backups in place. Even if data was exfiltrated, it’s still critical to be able to restore IT operations and data swiftly, especially at a healthcare organization.

Honda, Japan: June 2020

In early June 2020, Honda revealed via social media that the car manufacturer was experiencing technical difficulties. News began filtering through to the media that a ransomware family known as SNAKE disrupted global operations at several Honda locations, including Japan.

The affected operations included production facilities, financial services, and customer services. According to statements made to the media at the time of the incident, no data breach occurred. The attack appeared to be a classic ransomware example that just encrypts rather than exfiltrates data.

Takeaway Lessons

A Backup/Disaster Recovery Strategy Is Still Relevant

The use of double extortion ransomware ignited debate within the security industry about the use of backups and disaster recovery as a strategy. Some articles opined that backups are now obsolete as a ransomware defense, but that’s not quite the case for two reasons:

  1. Many ransomware attacks, including some of the examples here, are still of the classical type where important files and systems are encrypted using malicious software. Backups provide a way to recover from these attacks without needing to entertain the idea of paying a ransom.
  2. Even in cases where hackers exfiltrate data from your network, it is still vital to get your important business services and data back so that mission-critical IT functions can resume swiftly. This is particularly relevant for services such as healthcare that citizens depend on so much.

Prevention is Better Than Cure

Preventing ransomware attacks is far more straightforward than responding to them. A successful breach creates a dilemma about whether to pay up. Some huge companies end up paying ransoms even though many government cybersecurity departments do not advise paying under any condition.

Prevention should incorporate tactics like defending against phishing by using email security solutions, ensuring all employees are educated and aware of the importance of cybersecurity, and running regular simulated tests to gauge the strength of your cybersecurity posture.

Targets Are Diverse

From insurance to healthcare to automotive, these cyber attacks represent just a small sample that still displays the diversity of targets. Ransomware-as-a-service groups spend all day looking for vulnerable organizations to exploit. Every organization, from world-renowned enterprises to community hospitals, needs to pay attention to ransomware.

Closing Thoughts

As in pretty much every other region on Earth, ransomware is the most prevalent and malicious cyber threat in East Asia and Southeast Asia. Dedicating resources to both solutions and strategies that harden your ransomware defenses is a wise investment.

To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.