Kaspersky, the global cybersecurity and digital privacy company, said that the ransomware groups targeting organizations in Malaysia are constantly improving their skills and sharpening their techniques.
Speaking at the National CISO Conference 2022, an event organized by the National Cyber Security Agency (NACSA) of Malaysia, Kaspersky highlighted the global and local threat landscape zeroing in on ransomware, especially the notorious group REvil.
Genie Gan, Kaspersky’s Head of Public Affairs and Government Relations for the Asia Pacific (APAC) & Middle East, Turkey, and Africa (META), shared that REvil initially distributed itself through an Oracle WebLogic vulnerability and carried out attacks on managed service providers (MSPs).
From there, Kaspersky experts have discovered that REvil also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows and uses legitimate processor functions to avoid detection by security solutions. REvil is still actively attacking its victims globally, including those in Malaysia.
“The creators of REvil ransomware have a network of carefully chosen affiliates who distribute the Trojan and share a portion of the extorted money. This notorious group targets most sectors with its top three victims coming from the engineering and manufacturing industry (30%), followed by finance (14%) and professional and consumer services (9%). As we can see that groups such as REvil focus on financial rewards, it will remain a serious threat to corporations and organizations globally and in Malaysia,” adds Gan.
Aside from active ransomware groups, Gan also shared with the conference attendees – comprised of ICT security officers from public sectors, and chief information security officers (CISO) from both public and private sectors – the level of awareness among the C-level executives in Malaysia towards this threat.
A survey conducted by Kaspersky revealed that the majority (94%) of senior non-IT managers (such as CEOs, VPs, and Director-level staff) and business owners or partners in Malaysia are aware of ransomware families such as WannaCry, REvil, Conti, LockBit, NotPetya and more. Seven in 10 (74%) of them expect a ransomware attack against their businesses.
Their expectations appeared to be valid, as two in three (74%) of the C-suite executives surveyed in Malaysia admitted that they have been attacked by ransomware before. Of these, 40% said they have faced one incident while 34% said they have been attacked several times.
The majority of those attacked (83.8%) paid ransom to decrypt their data.
In addition, only 4% of the executives surveyed have third-party incident response providers, and none of them has incident response capabilities internally.
“Clearly, enterprises and organizations in Malaysia know the damage that can be caused by ransomware attacks but lack the necessary technologies to respond and recover after an incident. A holistic approach is needed to fill this gap. The Malaysian government continues to conduct concrete steps and we encourage all sectors to work together in building the country’s cyber capacity cooperation efforts because these two are basically the building blocks of a cyber-resilient economy,” adds Gan.
For their part, Kaspersky co-founded the global project called “No More Ransom Initiative”, which has grown from four partners to 188 and has contributed 136 decryption tools covering 165 ransomware families.
Since its launch in 2016, it has helped more than 1.5 million people all over the world decrypt their devices. Nearly 30,000 ransomware victims in SEA were also able to retrieve their data through this project from July last year to the end of June 2022.
To help enterprises and organizations defend their systems against the evolving threat of ransomware, Kaspersky provides the following steps:
- Keep your OS and software patched and up to date
- Educate all employees. Free dedicated training courses are available, such as Kaspersky Automated Security Awareness Platform and How to Protect Against Ransomware Attacks
- Carry out a security audit of your network
- Only use secure technologies for remote connection
- Enable ransomware protection for all endpoints. The free Kaspersky Anti-Ransomware Tool for Business is available; it shields computers and servers from ransomware and other types of malware, prevents exploits, and is compatible with other installed security solutions
- Use endpoint security with behavior detection and automatic file rollback
- Use the latest threat intelligence information
- If you become a victim, never pay a ransom. Use a good decryptor