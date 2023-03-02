As ransomware continues to evolve and become more sophisticated, there is a growing need for Philippine-based organizations to boost their capabilities to detect and quickly address these kinds of cyberattacks that could potentially go for as high as billions of dollars in repercussions.

In a press briefing on Tuesday, Kaspersky executives highlighted that ransomware, which essentially is malware that locks a device or files and is used by bad actors for payments to unlock, has turned into a more serious threat for many organizations.

From 2020’s pressure tactic, which involves an attack on the organization’s reputation, bad actors are now using ransomware to add a new extortion mode to milk more money from their victims. Dubbed Ransomware 3.0, the new tactic is to resell the data or files hacked, conduct attacks against their victims’ customers, or use the data to conduct follow-up attacks like targeted phishing.

“Malicious actors, like the Lockbit ransomware group, invest considerable time in up-front intelligence gathering to determine who they will target, how they will target them, and the optimal timing of their attack,” Kaspersky General Manager for Southeast Asia Yeo Siang Tiong said.

“This level of pre-planning makes attacks more sophisticated and therefore harder to catch. Combine this with their double and now the emerging triple-extortion models, modern targeted ransomware groups are set to disrupt more enterprises in Southeast Asia if we are not equipped enough to nip them in the bud.”

Fresh statistics from Kaspersky revealed that a total of 304,904 ransomware attacks eyeing businesses here have been blocked by Kaspersky’s business solutions last year. Indonesia recorded the highest number of incidents foiled by Kaspersky B2B solutions at 131,779, followed by Thailand (82,438), and Vietnam (57,389).

The Philippines logged a total of 21,076 ransomware attacks; Malaysia had 11,750, and Singapore had 472.

“Our 2022 data reveals this threat will continue to be a menace for enterprises in SEA because it makes good money for cybercriminals because some business executives think ransomware is just overhyped by the media, and because enterprise security teams are actually overwhelmed and undermanned to detect and respond against it,” Yeo said.

He noted that Kaspersky has developed a new solution to help organizations combat these attacks.

“To help the overwhelmed and undermanned enterprise security teams, we consolidated our multiple security tools into a coherent, unified security incident detection and response platform—our Kaspersky Extended Detection and Response or XDR. This new platform provides multi-layer protection for enterprises, as well as threat hunting capabilities for their existing Security Operations Center,” Yeo said.

Kaspersky’s XDR, he explained, is a simple-to-use multi-layered security platform in the form of solutions and cybersecurity experts’ services. It uses a proactive approach of coordinating siloed security tools into a coherent, unified security threat detection and response platform.

It consolidates a large volume of alerts into a much smaller number of incidents that can be prioritized for manual investigation while providing integrated incident response options that provide sufficient context so that alerts can be resolved quickly.

The platform also provides response options that extend beyond infrastructure control points, including network, cloud, and endpoints, to deliver comprehensive protection; and automates repetitive tasks to improve productivity.

Yeo said bad actors that utilize ransomware is now localizing the attacks and without foiling these quickly, it could turn into another WannaCry incident, which cost $4 billion in 2017.