Countries in East and Southeast Asia have been targeted with multiple high-profile ransomware attacks over the last 18 months. The attacks have hit companies of all sizes across a disparate range of industries, languages, and territories in the region, as cyber criminals look for a large payday.
Here are some useful background statistics on the state of ransomware in East and Southeast Asia from various industry reports and surveys:
The numbers show that organizations in East Asia remain attractive targets for ransomware attacks, perhaps due to the larger company sizes in these countries coupled with their relatively high willingness to pay.
In June 2021, an official statement by the Japanese multinational Fujifilm revealed details of a ransomware attack on its Tokyo headquarters. The attack resulted in Fujifilm taking networks, servers, and IT equipment and systems offline as a precaution.
Subsequent media headlines in the days following the attack reported that the company refused to pay the ransoms demanded by hackers. Instead, Fujifilm relied on backups to restore operations. It’s unclear exactly what family of ransomware was used in the attack on Fujifilm.
May 2021 was a bad month for the Asian branch of the multinational insurance company AXA. Russian cybercriminals targeted AXA IT infrastructure in Thailand, Malaysia, Hong Kong, and the Philippines. The criminals informed AXA and the wider public via their own leak site that they stole around 3 terabytes of personal information belonging to AXA customers, which, if true, represents a significant breach of sensitive health information.
The AXA attack appears to be another example of the double extortion technique increasingly favored by hacking groups. By first exfiltrating data from a company’s network and then encrypting files on the network, the double extortion technique blackmails companies into paying hackers not to disclose stolen information.
Reflecting a disturbing and widespread trend during the global pandemic, multiple hospitals in Thailand became victims of a ransomware attack that locked their computer systems and data.
The wave of attacks began with an initial attack on a hospital in the central Thai province of Saraburi. With computer systems taken down, staff advised patients to bring any copies or evidence of their old medical records where possible.
Several other Thai hospitals were hit with similar issues in the days following the initial IT compromise at the hospital in Saraburi. Reports suggested some hospitals paid the 1 million Thai baht ($32,000) ransom.
This attack underscored the importance of having backups in place. Even if data was exfiltrated, it’s still critical to be able to restore IT operations and data swiftly, especially at a healthcare organization.
In early June 2020, Honda revealed via social media that the car manufacturer was experiencing technical difficulties. News began filtering through to the media that a ransomware family known as SNAKE disrupted global operations at several Honda locations, including Japan.
The affected operations included production facilities, financial services, and customer services. According to statements made to the media at the time of the attack, no data breach occurred. The attack appeared to be a classic ransomware example that just encrypts rather than exfiltrates data.
A Backup/Disaster Recovery Strategy Is Still Relevant
The use of double extortion ransomware ignited debate within the security industry about the use of backups and disaster recovery as a strategy. Some articles opined that backups are now obsolete as a ransomware defense, but that’s not quite the case for two reasons:
Prevention is Better Than Cure
Preventing ransomware attacks is far more straightforward than responding to them. A successful breach creates a dilemma about whether to pay up. Some huge companies end up paying ransoms even though many government cybersecurity departments do not advise paying under any condition.
Prevention should incorporate tactics like defending against phishing by using email security solutions, ensuring all employees are educated and aware of the importance of cybersecurity, and running regular simulated tests to gauge the strength of your cybersecurity posture.
Targets Are Diverse
From insurance to healthcare to automotive, these cyber attacks represent just a small sample that still displays the diversity of targets. Ransomware-as-a-service groups spend all day looking for vulnerable organizations to exploit. Every organization, from world-renowned enterprises to community hospitals, needs to pay attention to ransomware.
Closing Thoughts
As in pretty much every other region on Earth, ransomware is the most prevalent and malicious cyber threat in East Asia and Southeast Asia. Dedicating resources to both solutions and strategies that harden your ransomware defenses is a wise investment.