Rundown: Ransomware detected in the Philippines, other SEA countries

March 7, 2023 - 3:35 PM

More complex ransomware groups that demanded higher ransoms were detected targeting businesses in Southeast Asia, including in the Philippines.

This was part of data, gathered among its partner businesses in the region last year, that Kaspersky, a leading cybersecurity firm, recently released.

According to its internal data, the following ransomware types and groups were the most frequently detected in SEA enterprises in 2022:

  • Lockbit ransomware group or Lockbit — a ransomware-as-a-service provider that was found to be the most prolific ransomware and was created by a “notorious group.”

Kaspersky defined it as “malicious software designed to block user access to computer systems in exchange for a ransom payment.”

It has previously attacked a private business in Singapore, a private school in Malaysia and an internet technology service provider in the Philippines.

  • Ransomware 3.0 — the updated or latest version of ransomware, with an added “extortion mode.”

Groups employ ransomware 3.0 “either through reselling the data or files they have hacked, conducting DDoS attacks against their victim or the victim’s customers, or using the same data to conduct follow-up attacks like targeted phishing.”


  • WannaCry — a type of ransomware that has a “worm component.” It was first detected in a global epidemic attack against computers running Microsoft Windows in 2017.

Kaspersky noted that an estimated $4 billion was lost after the attack.

The cybersecurity firm's experts predicted that a possible new version of this type of software, called WannaCry 3.0, will be employed by cybercriminals in the near future.

Across the region, Kaspersky’s systems blocked a total of 304,904 ransomware attacks targeting businesses last year.

The following is the breakdown of the blocked attacks by country:

  • Indonesia – 131,779
  • Thailand – 82,438
  • Vietnam – 57,389
  • Philippines – 21,076
  • Malaysia – 11,750
  • Singapore – 472

Kaspersky’s telemetry also identified the following as the most common types of ransomware that businesses in the country have to watch out for:

  • Trojan-Ransom.Win32.Crypren
  • Trojan-Ransom.Win32.Wanna
  • Trojan-Ransom.Win32.Stop
  • Trojan-Ransom.Win32.Gen
  • Trojan-Ransom.Win32.Agent

Yeo Siang Tiong, Kaspersky general manager for Southeast Asia, said that these findings suggest that cybersecurity threats will continue to be a “menace” for enterprises in the region.

Yeo said that one of the reasons for this is that some corporate executives perceive ransomware as “overhyped by the media” instead of responding to it.

“Our 2022 data reveals this threat will continue to be a menace for enterprises in SEA because it makes good money for cybercriminals, because some business executives think ransomware is just overhyped by the media, and because enterprise security teams are actually overwhelmed and undermanned to detect and respond against it,” he said.

In line with the release of this data, Kaspersky also launched its newest product—the Extended Detection and Response (XDR) platform for organizations and enterprises in the country.

The Kaspersky XDR platform provides multi-layer protection to support the cybersecurity infrastructure of organizations and entities.