KUALA LUMPUR: Kaspersky recently confirmed that 2020 was the year of "Ransomware 2.0" in Asia Pacific.
The company's lead malware analyst, Alexey Shulmin, said 2020 was the most productive year for ransomware families that moved from holding data hostage to exfiltrating it, coupled with blackmail.
He said that in Asia Pacific, there is an interesting re-emergence of two highly active groups, REvil and JSWorm.
"Both resurfaced as the pandemic raged in the region last year, and we see no signs of them stopping anytime soon," he added.
Kaspersky exposed REvil ransomware, also known as Sodinokibi and Sodin, a few months ago, when it was being distributed through an Oracle WebLogic vulnerability and attacks on MSP providers.
Their infamy peaked in August 2019, when most of their victims were only from Asia Pacific, particularly Taiwan, Hong Kong, and South Korea.
"But last year, Kaspersky detected them in almost all countries and territories. It's safe to say that during their 'silent months', REvil creators took their time to enhance their method of targeting victims and their network's reach," Shulmin added.
Kaspersky said its experts were able to categorise the hackers' targets into several general industry classes based on the data published on the hackers' data leak site.
Their industry targets fall under engineering and manufacturing with 30 per cent, finance with 14 per cent, professional and consumer services with 9 per cent, and legal, IT and telecommunication, and food and beverage industries with 7 per cent each.
Kaspersky said JSWorm was also notorious in the ransomware landscape in 2019, although its initial victims were geographically varied.
They were initially detected in North and South America (Brazil, Argentina, USA), the Middle East and Africa (South Africa, Turkey, Iran), Europe (Italy, France, Germany) and APAC (Vietnam).
Even though Kaspersky successfully blocked their attempts on 230 users, that was still a sharp increase of 725 per cent from the 27 users almost infected in 2019.
Since then, Kaspersky experts have noticed the group shifting towards the Asia Pacific region, to countries such as China.
China became the country with the most KSN users almost infected by JSWorm, followed by the US, Vietnam, Mexico, and Russia.
Kaspersky said more than 39 per cent of those targeted last year were located in Asia Pacific.
Also, 41 per cent of JSWorm attacks targeted companies in the engineering and manufacturing industry. Energy and utilities with 10 per cent, finance with 10 per cent, professional and consumer services with 10 per cent, transportation with 7 per cent, and healthcare with 7 per cent were also on their list.
Protecting against Ransomware 2.0
To stay protected against Ransomware 2.0, Kaspersky experts suggest that enterprises and organisations follow these steps:
1. Keep your OS and software patched and up to date.
2. Train all employees on cybersecurity best practices while working remotely.
3. Only use secure technologies for remote connection.
4. Carry out a security assessment on your network.
5. Use endpoint security with behaviour detection and automatic file rollback, such as Kaspersky Endpoint Security for Business.
6. Don't follow the criminals' demands. Do not fight alone: contact law enforcement, CERT, and other security vendors such as Kaspersky.
7. Follow the latest trends via premium threat intelligence subscriptions such as Kaspersky APT Intelligence Service.
8. Identify new undetected malware on premises with Kaspersky Threat Attribution Engine.