The rise in successful ransomware attacks is not necessarily the result of cybercriminals employing significantly more advanced techniques. Instead, many organisations worldwide fail to implement basic cybersecurity measures, leaving themselves vulnerable to greater risks — both in frequency and severity.
Today’s increasingly complex business ecosystems introduce more vulnerabilities, making it easier for cybercriminals to exploit weak points. Singapore’s Cybersecurity Agency (CSA) Cybersecurity Health Report revealed that over 80% of companies surveyed in 2023 experienced a cybersecurity incident, leading to data loss, reputational damage, and business disruptions. Ransomware was cited as one of the most common cybersecurity attacks.
A dangerous precedent: Paying the ransom
While it is unsurprising that organisations continue to fall victim to cyberattacks, it is alarming how often they choose to pay the ransom. According to an ExtraHop survey, 64% of companies in Singapore admitted to falling victim to ransomware, frequently violating their ‘no payment’ policies.
For example, a Singapore law firm faced a cyberattack involving double extortion techniques, leading to a ransom payment of US$1.89 billion in bitcoin. This trend highlights significant flaws in cybersecurity preparedness and response strategies. Paying the ransom inadvertently reinforces the effectiveness of these attacks, contributing to the ongoing rise in ransomware incidents.
Cyberattackers’ shifting tactics
Ransomware, once a simple method to lock users out of their systems, has morphed into a sophisticated extortion tool. Today’s attackers frequently steal sensitive data and threaten to release it unless the ransom is paid — a practice known as double extortion.
At the same time, the rise of ransomware as a service (RaaS) has diversified ransomware tactics. By lowering the entry barrier for aspiring cybercriminals, RaaS has contributed to a surge in ransomware attacks. What makes RaaS particularly concerning is that affiliates of these services operate independently, using diverse attack methods and targeting a wide range of victims. This autonomy has made ransomware attacks increasingly complex and challenging to detect or defend against, as they can be carried out with remarkable speed and precision.
Furthermore, the advent of AI has amplified the threats posed by ransomware. Cybercriminals are increasingly using AI to analyse large data sets, identify vulnerabilities, and evade detection. AI-powered ransomware can dynamically adjust ransom demands based on a victim’s perceived financial capabilities and even use bots for negotiation to maximise returns.
As organisations adopt new technologies to gain a competitive edge, they can no longer assume that their defences are sufficient simply because they have not yet experienced a breach.
The tussle against ransomware
Despite the frequent headlines about ransomware attacks, many organisations continue to fall behind in their defences. One primary reason for this vulnerability is the lack of robust backup and recovery strategies. Infrequent or insufficiently tested backups leave organisations ill-prepared to recover from attacks, often leading to the desperate decision to pay the ransom. Even when backup options exist, the fear of reputational harm following a data breach may still drive ransom payments.
Many organisations face multiple barriers in managing cyber risk, including limited funding, talent shortages, and a lack of expertise. These challenges are particularly severe for SMEs, which often operate on smaller budgets and struggle to keep their cybersecurity strategies up to date. Notably, 52% of all reported ransomware incidents in Singapore have affected SMEs. As entry points to larger organisations, SMEs are increasingly vulnerable to malware due to their reliance on digital tools and e-commerce.
At the same time, the critical information infrastructure (CII) sector has also experienced a surge in ransomware attacks, with industries such as healthcare becoming prime targets. These sectors are especially attractive to attackers because of the valuable data and intellectual property they hold.
The 2021 Colonial Pipeline ransomware attack in the United States is a prime example of how infiltrating critical infrastructure can have widespread, domino-like effects that disrupt supply chains and society. Highlighting the need for more comprehensive safeguards, Singapore recently announced a new bill requiring CII owners to report a wider range of incidents, including those affecting their supply chains.
Security teams relying on traditional approaches to tackle this new generation of attacks will be at a severe disadvantage. However, with the right tools, they can fight fire with fire — and prevail.
Strengthening cyber resilience
Immutable backups are a critical line of defence against data loss and corruption. These backups are designed to be unalterable, ensuring that even if a system is compromised by ransomware or other malicious actors, the original data remains intact. A modern backup strategy should prioritise immutability and rapid accessibility. The 3-2-1-1-0 rule offers a practical framework for this: maintain three copies of data on two different media, with one copy off-site and one copy immutable, and reach zero errors by ensuring air-gapped backups are fully functional.
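The 3-2-1-1-0 rule can be checked mechanically against a backup inventory. The Python sketch below is an added example, not part of the original article; the `BackupCopy` fields, the 30-day restore-test window, the choice to count the primary data as one of the three copies, and the sample inventories are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str                                  # "disk", "tape", "object-storage", ...
    offsite: bool = False
    air_gapped: bool = False
    immutable_until: Optional[datetime] = None  # retention-lock expiry; None = mutable
    last_restore_test: Optional[datetime] = None
    restore_errors: int = 0                     # errors seen in that restore test

def check_32110(copies, now, max_test_age=timedelta(days=30)):
    """Return (rule, message) findings; an empty list means the inventory passes."""
    findings = []
    locked = [c for c in copies if c.immutable_until and c.immutable_until > now]
    if len(copies) < 3:
        findings.append(("3", f"only {len(copies)} copies of the data"))
    if len({c.media for c in copies}) < 2:
        findings.append(("2", "all copies sit on one media type"))
    if not any(c.offsite for c in copies):
        findings.append(("1-offsite", "no copy is stored off-site"))
    if not locked:
        findings.append(("1-immutable", "no copy has an unexpired retention lock"))
    # "0": every locked or air-gapped copy needs a recent, error-free restore test.
    for c in copies:
        if not (c in locked or c.air_gapped):
            continue
        if c.last_restore_test is None or now - c.last_restore_test > max_test_age:
            findings.append(("0", f"{c.name}: no restore test in the last {max_test_age.days} days"))
        elif c.restore_errors:
            findings.append(("0", f"{c.name}: last restore test had {c.restore_errors} errors"))
    return findings

# Constructed sample inventories (not real systems).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
GOOD = [
    BackupCopy("primary", "disk"),
    BackupCopy("nas-replica", "disk"),
    BackupCopy("cloud-locked", "object-storage", offsite=True,
               immutable_until=NOW + timedelta(days=30),
               last_restore_test=NOW - timedelta(days=7)),
]
WEAK = [
    BackupCopy("primary", "disk"),
    BackupCopy("nas-replica", "disk"),
    BackupCopy("usb-offline", "disk", air_gapped=True,
               last_restore_test=NOW - timedelta(days=200)),
]

if __name__ == "__main__":
    for label, inv in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, check_32110(inv, NOW) or "passes 3-2-1-1-0")
```

Re-running the check after a retention lock lapses flags the same inventory again, which is why the lock expiry is compared against the current time rather than stored as a yes/no flag.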
Human collaboration is equally important. Effective security relies on seamless coordination among the teams responsible for managing and operating security tools. Misalignment between these teams can compromise organisational resilience, potentially leading to missed vulnerabilities and delayed responses. Multi-user authentication (MUA) adds an extra safeguard by requiring multiple individuals to confirm critical actions, such as account deletion. This helps prevent unauthorised access and data manipulation, even if a single person’s credentials are compromised. MUA also ensures that backups remain secure and readily available, strengthening the overall resilience of the data management system.
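A sketch of the approval gate behind MUA, written in Python as an added example rather than code from the article or from any backup product. The approver names, the record format, the quorum of two confirmations besides the requester, and the 15-minute validity window are assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

APPROVERS = {"alice", "bob", "carol"}  # hypothetical backup administrators

def action_digest(action, target):
    """Bind an approval to one exact action on one exact target."""
    blob = json.dumps({"action": action, "target": target}, sort_keys=True)
    return hashlib.sha256(blob.encode()).hexdigest()

def approval(approver, action, target, at):
    """Build an approval record (constructed format, for this example only)."""
    return {"approver": approver, "digest": action_digest(action, target), "at": at}

def authorize(requester, action, target, approvals, now,
              quorum=2, ttl=timedelta(minutes=15)):
    """Return (allowed, approvers_counted) for a critical action."""
    wanted = action_digest(action, target)
    counted = set()  # a set, so repeat approvals from one person count once
    for a in approvals:
        if a["approver"] not in APPROVERS:
            continue  # unknown identity
        if a["approver"] == requester:
            continue  # nobody confirms their own request
        if a["digest"] != wanted:
            continue  # approval was given for a different action or target
        if not timedelta(0) <= now - a["at"] <= ttl:
            continue  # stale or future-dated approval
        counted.add(a["approver"])
    return len(counted) >= quorum, sorted(counted)

NOW = datetime(2024, 6, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp

if __name__ == "__main__":
    # One set of credentials both requests and confirms: the gate stays shut.
    single = [approval("alice", "delete_account", "backup-admin", NOW)] * 2
    print(authorize("alice", "delete_account", "backup-admin", single, NOW))
    # A request confirmed by two other administrators is allowed.
    ok = [approval("bob", "delete_account", "backup-admin", NOW),
          approval("carol", "delete_account", "backup-admin", NOW)]
    print(authorize("alice", "delete_account", "backup-admin", ok, NOW))
```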
The battle against ransomware is ongoing. Organisations must remain vigilant, adapt to evolving threats, and invest in robust cybersecurity measures to protect their assets and ensure business continuity.