The current state of ransomware risk

Ransomware risk is top of mind for both citizens and Chief Information Security Officers (CISOs). From the boardroom to the Security Operations Centre (SOC), everyone is feeling the pain of disruption. Our working lives are thrown into disarray when we’re locked out of systems, compelling us to revert to pen and paper. Too often, ransomware delays much-needed surgeries or requires manual intervention where digital processes were once easy and efficient.

However, the effects of ransomware don’t appear to be going anywhere soon.

Digital extortion-based attacks are on a steady rise, and their impact is being felt across every industry, including those in critical infrastructure. Forescout’s research arm, Vedere Labs, has observed 3,531 attacks through August of this year. The data is compiled via open-source tracking of ransomware leak sites. This is an increase of 5% from last year and is equal to 442 attacks per month, or 15 per day.

In ASEAN alone, there were 74 incidents in the same period, with Singapore and Indonesia accounting for more than half of those. Every day, it seems, there are new reports of extortionists being paid off by large enterprises or municipal government systems being shut down by attackers.

Indonesia recently faced a ransomware attack that paralysed its critical government services. Separately, the Philippines suffered a ransomware incident last year, where hackers demanded US$300,000 from one of the country’s largest health insurance groups. More recently, a different ransomware attack targeted one of the Philippines’ government departments, resulting in the temporary suspension of its online services.

Globally, claims of the largest ransom ever paid — US$75 million — have been published by researchers at Zscaler. This amount is nearly double the highest known payment of US$40 million, made by US insurer CNA in 2021. In Singapore, a law firm allegedly paid US$1.4 million in Bitcoin to a ransom group after almost a week of negotiations.

But not every organisation will pay up. In fact, the Singapore Cyber Security Agency (CSA) strongly discourages ransom payments.

The spotlight is on healthcare

Some of the largest ransomware attacks in 2024 have targeted healthcare, where medical device hardware and digital systems are deeply intertwined. Between devices and software, healthcare is highly dependent on networked systems and the Internet of Things (IoT). In our Riskiest Connected Devices report released this year, we found that IoT devices experienced a 136% increase in vulnerabilities.

Singapore has certainly had its fair share of ransomware attacks involving healthcare providers and institutions. In 2021, a private eye clinic suffered a ransomware attack that affected the personal and clinical information of nearly 73,500 patients. Late last year, hackers also disrupted internet connectivity in public healthcare institutions in Singapore with a distributed denial-of-service (DDoS) attack, allegedly for financial gain.

The World Economic Forum notes that cyberattacks on the healthcare industry can have ramifications beyond financial loss and privacy breaches. The consequences can be deadly, leading to the loss of patient data and medical tools. Hospitals and clinics may also take months to recover.

Cyberattacks involving operational technology (OT) and IoT are part of an alarming trend. Ransomware gangs, often operating under a ransomware-as-a-service (RaaS) model, cripple the operations of multiple organisations simultaneously. Attacks have evolved from merely encrypting data (2019) to exfiltrating data before encryption (2020), to large extortion campaigns with several phases (2021). This shift in attacker methods means ransomware gangs now have the ability to disrupt virtually any organisation’s operations.

Organisations need strong cybersecurity risk management practices to achieve effective cyber resilience. The process begins with identifying and assessing cybersecurity risks, which involves a comprehensive analysis of an organisation’s systems, networks, and data to uncover vulnerabilities and potential threats. By understanding the specific risks they face, businesses can prioritise efforts and allocate resources more effectively.

In addition to understanding the broader cybersecurity ecosystem and the latest technological defences, organisations must also foster a culture of cyber awareness across all departments. With ransomware tactics constantly evolving, collaboration between IT, compliance, and audit teams is critical to addressing vulnerabilities, from technical weaknesses to human error. By implementing continuous monitoring and swift incident response protocols, and by focusing on resilience over reaction, organisations can mitigate the growing risks and maintain business continuity, even in the face of sophisticated cyberattacks.