India and Australia have logged the highest number of security incidents related to targeted ransomware groups this year, according to a new report by Kaspersky.

Vitaly Kamluk, Director of Global Research and Analysis Team (GReAT) for the Asia Pacific region at Kaspersky, in a virtual conference recently revealed that at least 61 entities from the region were breached by a targeted ransomware group in 2020. Australia and India logged the highest number of incidents across APAC, as per the report. “Targeted ransomware has been a problem for many Asian enterprises. Over 61 companies were breached this way in Asia alone. In some cases, Maze ransomware gang claimed responsibility and published stolen data from the compromised companies,” said Kamluk.

As per Kaspersky’s data industries manufacturing of clothes, shoes, furniture, consumer electronics and home appliances were some of the most affected segments by these attacks. Other segments such as public service, media and technology, heavy industry (including oil, mining, shipbuilding, steel, chemicals, machinery manufacturing), consulting, finance and logistics were also impacted.

Latest pressure tactics

Researchers at the cybersecurity company have warned of “Ransomware 2.0” which goes beyond accessing a company’s or an organisation’s data. Ransomware groups are now leveraging the importance of these organisations’ “digital reputation” to bully them into shelling out a heftier ransom.

According to the report, ransomware groups are using “pressure tactics” by threatening to or leaking stolen data online. “Pressure tactic” refers to “cybercriminals threatening victims that they will publicly leak most sensitive data stolen from their compromised systems via the group’s own website,” explained Kaspersky.

According to a recent survey conducted by Kaspersky, 51 per cent of users in APAC agreed that a company’s online reputation is essential, while 48 per cent said that that they avoid companies who were involved in a scandal or had received negative news coverage online.

“Maze group stands out as the most active and the most damaging of all. Formed in summer 2019, it took them about half a year to prepare and launch a full-scale campaign against many businesses. The first victims appeared in November 2019, when they leaked 700MB of the victim's internal data online,” Kaspersky said.

The Maze breached at least 334 companies and organisations and is one of the first groups which started the use of “pressure tactic” as per the report.

“Pressure tactic is a serious threat to public and private organisations. This attack plays on companies’ digital reputation as it threatens to divulge data of a breached entity, compromising its security and its name at the same time,” Kamluk said.

“Maze group just announced that they are closing down, but this gang just triggered the beginning of this trend. A successful targeted ransomware attack is a PR crisis which can damage an organisation’s reputation, online and offline. Financial toll aside, fixing one’s name is quite a harder task to take which is why we urge public and private entities to take their security seriously,” added Kamluk.