Ransomware attacks in the Philippines surged by 57.4 percent in 2022 with 11 reported cases across key sectors, including manufacturing, according to Unit 42 investigations by US-based cybersecurity firm Palo Alto Networks.
“The Philippines took up the 4th spot in Southeast Asia, alongside Malaysia, with 11 reported ransomware attacks and a 57.4-percent surge, accounting for around 12 percent of the attacks in the region,” Palo Alto Networks said in a statement issued on Wednesday.
The cybersecurity firm said the Philippines “trailed behind” Thailand (28), Singapore (18), and Indonesia (14), on the list of the most attacked countries. In contrast, the firm said the Philippines was ahead of Vietnam (9).
Palo Alto reported that Manufacturing, Professional & Legal Services, and State & Local Governments remained the most targeted sectors in the Philippines.
Meanwhile, ransomware attacks increased by 35.4 percent to 302 within the Asia-Pacific (APAC) region, Palo Alto said.
Globally, it said ransomware demands continued to be a “pain point” for organizations the past year, with payments as high as $7 million or P383 million in cases that Unit 42 observed.
“The global median demand was $650,000 or P35.5 million, while the median payment was $350,000 or P18.9 million, indicating that effective negotiation can drive down to actual payments,” the cybersecurity firm said.
The report revealed the extortion techniques being used by ransomware groups as these groups aim to apply more pressure on organizations to pay the ransom.
“Some of these tactics include encryption, data theft, distributed denial of service [DDoS], and harassment,” Palto Alto said.
The cybersecurity firm said data theft was the most common extortion tactic, with 70 percent of groups using it by late 2022, which it said is a 30-percentage point increase from the year prior.
Every day, Palo Alto said Unit 42 researchers see an average of seven new ransomware victims posted on leak sites—equating to one new victim every four hours.
In fact, in 53 percent of Unit 42’s ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations on their leak websites, Palo Alto said.
Further, it noted, this activity has been seen from “a mix of new and legacy groups,” indicating that new actors are entering the landscape to cash in as legacy groups have done.
“Established groups like BlackCat, LockBit, and others contributed to 57 percent of the leaks, with new groups trailing close behind with 43 percent,” Palo Alto said.
In the past year, the cybersecurity firm noted there have been “notable attacks” from ransomware groups, with a “particular spike” in attacks on schools and hospitals.
This includes the attacks from Vice Society, which Palo Alto said was responsible for the data leaks from several major school systems in 2022.
The cybersecurity firm said the group continues to be active in 2023, with nearly half of the incidents posted to their leak site impacting educational institutions.
Image credits: Bloomberg