Ransomware threats spread to APAC

Major ransomware threats have expanded to Asia-Pacific, and the developers have started localising their tools to target multiple geographies.

These are among the findings of research into several notorious ransomware families conducted by the SecureWorks Counter Threat Unit.

The research shows that the current top four ransomware families — Locky, Cerber, TorrentLocker and CryptXXX — have all developed localised versions of their threats for Japan, with the latter also developing a localised version for South Korea.

Localisation of ransomware threats can include writing ransom messages in the local language, strategically targeting local websites to compromise, using spam campaigns in the local language to deliver ransomware or providing payment instruments using local bitcoin wallets and exchanges.

Generally 0.25% to 3% of all victims elect to pay a ransom to the attackers, which means the largest operations are making several million dollars per year.

Annual direct losses from all ransomware families combined are estimated to exceed US$10 million ($13.2 million) annually, and SecureWorks estimates that the cost of business disruption, lost data and infection remediation likely extends into the hundreds of millions of dollars annually.

“Unlike other types of malware that are mostly designed to compromise the system covertly, ransomware requires end-user interaction to achieve its goal — collecting ransom. This makes localising the threat particularly useful to attackers,” SecureWorks CTU Senior Security Researcher Alex Tilley said.

To protect against ransomware, the company recommends keeping offline backups of critical data as cloud or network storage backups can themselves be compromised by the malware.

Image courtesy of Santeri Viinamäki under CC