SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Southeast Asian firms face surge in ransomware attacks in 2024

Thu, 17th Apr 2025

Businesses in Southeast Asia faced an average of 400 attempted ransomware attacks every day in 2024, with new data highlighting the scale and impact of cyber threats in the region.

Kaspersky reported that its cybersecurity solutions detected and blocked a total of 135,274 ransomware attacks on Southeast Asian businesses from January to December last year.

Ransomware is a type of malicious software designed to prevent access to computer systems or encrypt data until a ransom is paid. Kaspersky noted that both individuals and corporations have been affected by these attacks, which have become increasingly common and complex.

"From just a total of 57,000 ransomware attacks in 2024's first half, ransomware gangs clearly escalated their attacks during the last six months of last year. With ransomware groups leveraging increasingly sophisticated methods, companies in the region are all feeling the pressure as attackers exploit vulnerabilities in the increasingly complex corporate IT and network infrastructure," said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

By country, Indonesia experienced the highest number of ransomware incidents, with 57,554 detections throughout the year. Vietnam followed with 29,282 cases, while the Philippines recorded 21,629 incidents.

Malaysia saw a dramatic increase in ransomware attacks, with the number of detections rising by 153% year-on-year. According to Kaspersky's data, Malaysia recorded 12,643 incidents last year compared to 4,982 in 2023.

Notable ransomware incidents in Southeast Asia during 2024 included attacks on a national data centre, a postal service provider, a government portal for foreign workers, and organisations in the region's retail sector.

"Ransomware groups persist in refining their tactics, exploiting known vulnerabilities and leveraging advanced tools like Meterpreter and Mimikatz to gain unauthorised access. By targeting internet-facing applications, manipulating local accounts, and evading endpoint defenses, they demonstrate a sophisticated mastery of network weaknesses. The ongoing threat emphasizes the urgent need for robust cybersecurity defenses, as adversaries continue to innovate and exploit even the most familiar vulnerabilities," Hia added.

Kaspersky's recommendations for reducing the risk of ransomware attacks include using robust, properly configured security solutions, such as Kaspersky NEXT, and implementing Managed Detection and Response (MDR) services to proactively detect threats.

The company advises disabling unused services and ports, ensuring that all systems and software are regularly updated with patches, and conducting frequent penetration testing and vulnerability scanning. Kaspersky also highlights the need for comprehensive cybersecurity training for employees to raise awareness of threats and best practices.

Further measures recommended by Kaspersky include the establishment of regular backups for critical data, testing recovery procedures routinely, using Threat Intelligence to monitor the tactics, techniques, and procedures used by ransomware groups, and being vigilant about any new software installed on network systems.
