Ransomware attacks increased significantly over the last year with 2020 becoming the year of ‘Ransomware 2.0’ in the Asia Pacific (APAC), according to cybersecurity firm Kaspersky.

Experts from the global cybersecurity company detailed two notorious ransomware families particularly eyeing victims in the region — REvil and JSWorm.

Also read: Ransomware hits AXA units in Asia, hurts Ireland healthcare

Almost always a “targeted ransomware”, Ransomware 2.0 refers to the groups who moved from hostaging data to exfiltrating data, coupled with blackmailing. The aftermath of a successful attack includes significant monetary loss and damaging reputation loss.

“2020 was the most productive year for ransomware families who moved from hostaging data to exfiltrating data, coupled with blackmailing. In APAC, we noticed an interesting re-emergence of two highly-active groups, REvil and JSWorm. Both resurfaced as the pandemic raged in the region last year and we see no signs of them stopping anytime soon,” said Alexey Shulmin, Lead Malware Analyst at Kaspersky.

Cyberattacks from the REvil ransomware, also known as Sodinokibi and Sodin group, accelerated significantly in July 2020.

REvil first peaked in August of 2019 with 289 potential victims. From targeting only 44 Kaspersky users globally last June 2020, the ransomware group accelerated their attacks. Kaspersky solutions protected 877 users in July from this threat, logging a 1,893 per cent increase in a span of one month.

“Back in 2019, most of their victims were only from APAC — particularly in Taiwan, Hong Kong, and South Korea. But last year, Kaspersky detected their presence in almost all countries and territories. It is safe to say that during their “silent months”, REvil creators took their time to improve their arsenal, their method of targeting victims, and their network’s reach,” added Shulmin.

APAC remained one of the top targets for REvil. Out of 1,764 Kaspersky users targeted by the group in 2020, 635 (36 per cent) were from the region. Brazil, however, logged the most number of users almost infected with this threat followed by Vietnam, South Africa, China, and India.

The activities were primarily targeted towards industries such as Engineering and Manufacturing (30 per cent), followed by Finance (14 per cent) and Professional and Consumer Services (9 per cent). Legal, IT and Telecommunications, and Food and Beverage industries were under equal threat at 7 per cent.

Also read: How ransomware ecosystem operates

Like REvil, JSWorm also entered the ransomware landscape in 2019, Kaspersky said.

However, as per the report, it was more varied in terms of geographical distribution. In the initial months, it was detected across the globe — in North and South America (Brazil, Argentina, USA), in the Middle East and Africa (South Africa, Turkey, Iran), in Europe (Italy, France, Germany), and in APAC (Vietnam).

“The number of JSWorm victims is relatively lower compared with REvil but it is clear that this ransomware family is gaining ground,” it said.

Overall, Kaspersky solutions blocked attempts against 230 users globally, a 752 per cent increase compared with 2019’s 27 users almost infected with this type of threat.

China emerged as the country with the most number of KSN users almost infected by JSWorm globally, followed by the US, Vietnam, Mexico, and Russia. More than one-third (39 per cent) of all the enterprises and individuals this group has targeted last year were also located in APAC.

In terms of industries, 41 per cent of JSWorm attacks were targeted against companies in Engineering and Manufacturing industry. Energy and Utilities (10 per cent), Finance (10 per cent), Professional and Consumer Services (10 per cent), Transportation (7 per cent), and Healthcare (7 per cent) were also at the top of their list, as per the report.

Related Topics
comment COMMENT NOW