Key ASEAN markets top global ransomware ranking

Research covers the 18 months from the beginning of 2020.

Vietnam, Singapore and the Philippines appear to be fending off more than their fair share of ransomware attacks, according to new research.

The three ASEAN nations rank among the top countries globally to submit ransomware samples to Google-owned crowdsourced intelligence platform VirusTotal.

VirusTotal, part of Google Cloud’s threat detection platform, Chronicle, aggregates over 70 antivirus scanners and URL/domain blocklisting services, analysing suspicious files and URLs to detect types of malware and sharing the data with the broader security community.

At the beginning of October the company launched its first Ransomware Activity Report, providing a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the past year-and-a-half – from the beginning of 2020.

Of the 140 countries that submitted ransomware samples, Israel was by far and away the leader, in terms of volume, with the highest number of submissions and close to a 600 per cent increase in the number of submissions compared to its baseline.  

However, the remainder of the top 10 most affected territories based on the number of submissions to VirusTotal included no fewer than three ASEAN nations: Vietnam, Singapore and the Philippines.  

Altogether, the top 10 globally were, respectively: Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran and the UK.

Credit: Google/VirusTotal

According to Google, the company saw peaks of ransomware activity in the first two quarters of 2020, primarily due to the ransomware-as-a-service group GandCrab, whose prevalence decreased dramatically in the second half of that year.  

Another sizeable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind an attack on the Washington DC Metropolitan Police Department in the United States.

All up, at least 130 different ransomware families were active in 2020 and the first half of 2021, grouped by 30,000 clusters of malware that looked and operated in a similar fashion, Google security engineer and VirusTotal threat intelligence strategist Vincente Diaz noted in a blog post.  

Claiming 6,000 clusters, GandCrab was the most active family, followed by Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor and Reveon.

Credit: Google/VirusTotal

“While these big campaigns come and go, there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops,” Diaz said in his post. “Attackers are using a range of approaches, including well-known botnet malware and other remote access Trojans (RATs) as vehicles to deliver their ransomware.  

“In most cases, they are using fresh or new ransomware samples for their campaigns. This broad collection of activity provides vital insights into ransomware growth, evolution and impact on organisations of all sizes, and provides the breadcrumbs needed for businesses and governments to be much more proactive in building cyber security into their infrastructure,” he added.

The report comes as Singapore works to bolster its cyber security posture, with the country releasing its new Cybersecurity Strategy 2021 on 5 October.

Arriving five years after the launch of the first Singapore Cybersecurity Strategy in 2016, the new strategy works to simplify cyber security for end-users while developing deeper partnerships with industry to adapt to the changes in the cyber operating environment.

In the words of the Cyber Security Agency of Singapore (CSA), the new strategy outlines Singapore’s plans to take "a more proactive stance" against threats, raise the overall level of cyber security across the nation and advance international norms and standards on cyber security.

“As Singapore harnesses digital technology to improve lives and livelihoods for all, cyber security has become a necessity and key enabler for Singapore’s digital economy and Singaporeans’ digital way of life,” the CSA said in a statement.

“Developed in consultation with ministries, government agencies, industry and local and overseas academia, the updated strategy...seeks to address new and emerging cyber threats in the wake of strategic and technological shifts.

“These shifts include the opportunities and cyber risks brought about by emerging technologies, such as edge computing and quantum computing, that are potentially disruptive; growing cyber-physical risks as cyber disruptions can spill over to the physical domain; ubiquitous digital connectivity that expanded the attack surface; and increasing geopolitical tensions in cyberspace,” it added.