Kaspersky Expert: Targeted Ransomware Groups Such as Maze Spotted in Southeast Asia
If there is one positive consequence brought about by the COVID-19 situation in Southeast Asia (SEA), it is to prove that the region has the capability to embrace digitalization. In fact, a 2020 research conducted by Kaspersky among 760 respondents from the region revealed that nearly 8-in-10 are currently working from home.
An additional two to five hours have been added on top of the 8-hour daily surfing average of consumers in SEA. In terms of financial matters, 47% of the surveyed individuals have shifted their payment and bank transactions online due to the lockdown restrictions and safety precautions on their respective countries.
Technology and the World Wide Web are stepping up as powerful tools which everyone can leverage to survive this period. Increased reliance on the internet, however, also open more vulnerabilities cybercriminals can exploit. With the combined digital aftermath of the pandemic and the geopolitical situation in the region, Kaspersky announces the top threats public and private organizations should watch out for.
“The year 2020 is not like any other. This year is not only the time of changes, but it changed the time itself. It changed the way we travel, the way we shop, the way we interact with each other. The computer threat model has evolved since COVID-19 started,” says Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
Rise of Targeted Ransomware
Through a virtual media conference with select journalists in SEA, Kamluk revealed how cybercriminals have added blackmailing on their arsenal to ensure that their victims will pay ransomware. He also confirmed the presence of top ransomware groups in the region targeting the following industries:
• State enterprise
• Aerospace and engineering
• Manufacturing and trading steel sheet
• Beverage company
• Palm products
• Hotel and accommodation services
• IT services
Among the notorious ransomware families, and is one of the first to conduct such operation, is the Maze family. The group behind Maze ransomware has leaked the data of their victims’ who refused to pay ransom — more than once. They leaked 700MB of internal data online back in November 2019 with an additional warning that the published documents are just 10% of the data they were able to steal.
Aside from this, the group has also created a website where they revealed the identities of their victims as well as the details of the attack – date of infection, amount of data stolen, names of servers, and more.
Back in January, the group was involved in a lawsuit with a cable maker company. This resulted to the website being shut down.
The attack process being used by this group is simple. They will infiltrate the system, haunt for the most sensitive data, and then upload them to their cloud storage. After that, these will be encrypted with RSA. A ransom will be demanded based on the size of the company and the volume of the data stolen. This group will then publish the details on their blog and even make anonymous tips to journalists.
“We are monitoring an uptick on Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum. While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organizations not to pay ransom and to involve law enforcement agencies and experts during such scenarios. Remember that it is also better to have your data backed up, your cybersecurity defenses in place, to avoid falling victims to these malicious actors,” adds Kamluk.
To remain protected against these threats, Kamluk suggests enterprises and organizations to:
• Stay ahead of your enemy: make backups, simulate attacks, prepare action plan for disaster recovery.
• Deploy sensors everywhere: monitor software activity on endpoints, record traffic, check hardware integrity.
• Never follow the demands of the criminals. Do not fight alone – contact Law Enforcement, CERT, security vendors like Kaspersky.
• Train your staff while they work remotely: digital forensics, basic malware analysis, PR crisis management.
• Follow the latest trends via premium threat intelligence subscriptions, like Kaspersky APT Intelligence Service.
• Know your enemy: identify new undetected malware on premises with Kaspersky Threat Attribution Engine.