Although Asia Pacific is still battling with Covid-19, the region’s GDP is forecasted to grow at 6.2% year-on-year in 2021. However, that projected economic recovery may be hindered by a looming threat: ransomware.

Ransomware attacks — which use malicious software (malware) to encrypt files and systems before demanding a ransom to restore access — are becoming more pervasive. Research firm Cybersecurity Ventures predicts there will be a ransomware attack on businesses every 11 seconds this year, costing the world economy US$20 billion ($27.2 billion). This is expected to see an upward trend, with the damage caused by ransomware attacks globally likely reaching US$265 billion annually by 2031. 

Ransomware’s fast growth can be attributed to the increasing ease of launching such attacks, even for novel hackers without coding skills. With the rise of ransomware as a service, cybercriminals can use ransomware tools readily available on the dark web to execute attacks as long as they give a cut of the ransom payment to the developers of that tool. 

Organisations in Asia Pacific are partially responsible for the rise of ransomware too, as many of them have not invested enough in cybersecurity. Case in point: they take an average of 76 days to detect an intrusion into a network by a remote attacker, which is usually the first step of a ransomware attack, according to The FireEye Mandiant M-Trends 2021 report. “This means an attacker’s work is completed well before the victim knows something is wrong, as it typically takes only five days on average for the threat actor to deploy ransomware on business-critical servers after a successful intrusion,” says Eric Hoh, president, Asia Pacific, FireEye Mandiant.

He adds that ransomware is not a key concern for many organisations as they think their country or industry is excluded from cyberattacks and that those attacks will only affect their IT systems. However, these assumptions are far from the truth. “Geographical distance is not a protecting factor on the Internet, and cybercriminals can monetise an attack against any industry. Ransomware attacks are not just an IT issue too as they leave negative impacts on the businesses as organisations today are increasingly dependent on IT systems.”

The hidden costs of ransomware attacks

When business leaders hear “ransomware”, they often envision scenarios of malware encrypting files to make them inaccessible to legitimate users and that paying the ransom will solve the issue. While this was true in the past, the way ransomware attacks are conducted today has evolved, resulting in business consequences beyond the ransom payment.

Take the ransomware incident on US fuel pipeline operator Colonial Pipeline in May, for example. Hoh shares, “The outage left some retail stations dry in more than 10 states, causing the average price per gallon to hit the highest level seen since October 2014, according to the Automobile Association of America. This caused governors in the states of Florida, Virginia, North Carolina and Georgia to declare states of emergency, which means they can introduce temporary rules to ease prices in their areas.”

“To further alleviate the crisis, the Biden administration granted two Jones Act waivers to companies including Valero Energy Corp that allow foreign tankers to send fuel to the US East Coast. Even after Colonial Pipeline’s operations were restored, it took at least seven to 10 days before the average consumer noticed a normalisation of the fuel supplies,” he adds.

It is interesting to note that getting back to “business as usual” will not happen immediately after overcoming a ransomware attack. According to Hoh, recovery time largely depends on the organisation’s response and recovery plan, but it generally takes days or even weeks after the compromised IT systems are back up and running for the business to return to normal.     

See also: Tackling Ransomware as a Service

He also shares that besides causing outages, some hackers will also steal data during a ransomware attack and threaten to publish the information on leak websites or sell them on the dark web. These data breaches may be more detrimental than service disruptions as they may result in greater reputational damage, regulatory fines and legal consequences.

Combatting ransomware

Since ransomware attacks do not discriminate and are becoming more rampant, organisations in Asia Pacific need to be prepared that they may become victims of ransomware. This means they should not only enhance their threat prevention capabilities but also build a plan in case prevention fails.

It’s a double whammy if you get attacked when you don’t have response, recovery, or communications plans in place
Eric Hoh, president, Asia Pacific, FireEye Mandiant

Organisations can develop such a plan by using tools that assess their ability to prevent, detect, contain and remediate a ransomware attack. The FireEye Mandiant Ransomware Defense Assessment, for instance, helps evaluate the technical impact a ransomware attack could have on an organisation’s internal network, discover what data could be jeopardised or lost, and test the company’s security controls’ ability to detect and respond to a ransomware attack.

Additionally, dealing with ransomware threats more effectively and proactively calls for organisations to better understand the wider ecosystem of how ransomware actors operate instead of focusing too much on a specific incident. “It’s important to understand that cyberattacks don’t happen in one atomic step. A complete cyberattack comprises of a chain of smaller stages and techniques,” states Hoh.   

He exemplifies his point using intrusion. “Although there is no way to fully secure organisations against intrusions, there are many stages that must follow a successful intrusion for attackers to complete their mission. Each of these stages allows defenders to stop the attacker before there is any business impact,” he says.

Given the huge volume and increasing complexity of ransomware threats, some organisations are leveraging managed detection and response services to better respond to and protect against motivated adversaries. One such service is Mandiant’s Managed Defense, which monitors endpoints, network, email, cloud and logs 24/7 to provide organisations with comprehensive visibility of their IT environment. It also investigates and prioritises alerts with context from nation-grade threat intelligence to empower the organisation to take swift, decisive actions.

As we progress into the digital age, the threat of ransomware is here to stay and those attacks will become more sophisticated. Organisations in Asia Pacific should therefore make it a habit to proactively review, test, and enhance their defences to combat ransomware. That way, they can channel the costs and time usually incurred to recover from cyberattacks to innovation efforts that will help accelerate the region’s economic recovery.

Photo: Pixabay