Friday, May 31, 2024

‘Ransomware 2.0’ continues to pose threat to Asia Pacific, says Kaspersky

An emerging breed of malware continues to pose a significant threat to companies, and individuals, across the Asia Pacific (APAC) region.


Computer security firm Kaspersky also warned that this malware, particularly “ransomware 2.0”, is targeting not just money, but also sensitive data.

Whereas “ransomware 1.0,” or the “older” versions of this software, primarily aims to encrypt data and hold it for ransom, the newer, more dangerous ransomware 2.0 may cause bigger damage. Companies may even face reputational and PR risks from these new breeds of malware.

Alexey Shulmin, lead malware analyst at Kaspersky, noted that ransomware 2.0 is even getting a boost from the current pandemic, and in fact, 2020 proved to be a very “productive” year for what Kaspersky is calling “threat actors” or cybercriminals.

“There are new emerging families of ransomware, and threat actors are looking at the APAC region as a very good target,” Shulmin said in a virtual presentation.

He noted that new variants of the “REvil” and “JSWorm” ransomware families have now emerged and are posing a significant threat to the region.

“The year 2020 is the most interesting year in the decade or in history, and cybercriminals are taking advantage of the pandemic to spread new ransomware,” Shulmin said.

Additionally, what makes ransomware 2.0 more dangerous is that, unlike with ransomware 1.0, data that is stolen by ransomware 2.0 is almost impossible to get back. Unlike ransomware 1.0, where the encryption can be cracked easily, the encryption applied by ransomware 2.0 is much more difficult to crack.

Ransomware 2.0 is also designed to “exfiltrate” all sensitive data, Shulmin warned.

Shulmin noted that large companies, including LG and Southwire, are just some of the global firms which had to deal with ransomware 2.0 in 2020.

Ransomware 2.0 is also designed for highly targeted attacks, particularly against large companies holding tons of data.

In terms of countries, Shulmin said the brunt of the ransomware 2.0 attacks happened in China. Most of the attacks came from a new breed of JSWorm malware.

So what can companies do to try to combat ransomware 2.0? Shulmin said the basic steps will include keeping your operating systems up-to-date and applying patches once they become available. Companies should also carry out security assessments of their infrastructure and use endpoint security with behavior detection, if possible, he said.

Training staff on cybersecurity best practices will also help, as well as using only secure technologies for remote connections.

Interestingly, Shulmin said ransomware 2.0 gets inside computer systems through remote access connections that may have weak passwords.

