Ways to avoid ransomware attacks

Ransomware is hiding in plain sight online, and any internet user can be struck at any time. By scanning a QR code, chatting online, connecting to a public WiFi network, or even just clicking an attachment in an email, you could unknowingly be inviting cyberattackers in.

Last year saw a 600 percent increase in cybercrimes across Southeast Asia, with ransomware the most common of all.

In an APAC Consumer Cybersecurity Survey, three out of five respondents said they had experienced a cyber attack or online threat in the last 12 months. Of all respondents, only 23 percent said they had installed an antivirus application on their devices.

Working, shopping and socializing online, even the smallest slip-up could leave anyone vulnerable. Simply clicking a suspicious link, logging into a new device, or using a weak password could leave an opening for malicious hackers to take advantage of.

It’s not just your own cybersecurity you need to be concerned about. In order to stay protected, you also need to consider the online safety practices of other users you interact with, networks you connect to, and platforms you use.

For parents, their children’s online activity raises an even bigger concern. The majority of parents have never spoken to their children about cybersecurity, even though kids are spending more time online than ever before. Many parents have felt their heart drop upon discovering their child has accidentally managed to rack up an online bill while playing a game or surfing the net.

However, the shock of a ransomware attack would send them into even more of a panic, as they run the risk of not just facing one unexpected expense, but losing their valuable data, and possibly even their life savings.

For students, online studying platforms could leave you vulnerable. What looks like an email about an assignment or a student survey could be an attempt at phishing. So, simply clicking on the wrong link could give cyberattackers access to your private devices and data files. As a result, students can find themselves frantically trying to recover their work before a deadline, often to no avail. This kind of attack can lead to an entire school, university or corporation having to face the threats of cyber criminals.

According to Thomson Reuters, Asia Pacific organizations are 80 percent more likely than the global average to be targeted by cyber attacks. A report by Asia-Pacific Risk Center identified a lack of transparency as one of the main contributing factors to the region’s increased risk.

Digital security experts advise against paying ransoms to cyberattackers. However, avoiding this is easier said than done. Faced with fear of losing everything, along with time restraints rapidly closing in, the majority of APAC organizations that fall victim to these attacks choose to pay.

This is often the case in the medical industry. Healthcare workers are already under constant pressure, and while now being overwhelmed with patients due to the Covid pandemic, the risks are higher than ever. When a hospital or medical center falls victim to ransomware, doctors, nurses and receptionists can lose all access to patient files. When their systems are taken down, it can become a matter of life or death. Faced with those circumstances, no one would be blamed for opting to pay up.

How to avoid ransomware attacks

As well as having a cybersecurity system to prevent attacks, organizations need to have clear protocols to follow in the event that one does happen. The possibility of a cyberattack should be considered a “when”, rather than an “if”. That way, instead of being caught off-guard and spending time deciding the next steps, a business can combat the issue straight away, and have a better chance of reducing damages.

While paying attackers may seem like the quickest way to put an end to the problem, it could have the opposite effect. Paying up once could encourage cyberattackers to target you again in future. Plus, it doesn’t guarantee they’ll release your data.

If you do choose to make a payment, it’s not as easy as taking out your credit card and making a transaction. You’ll have to delve into the dark web and use cryptocurrency, as cybercriminals exclusively use these methods to keep their activities untraceable. So, before you can even start to recover your data, there are several daunting steps to take. Victims will have to visit an exchange, buy cryptocurrency and transfer it to the attacker’s wallet address.

Before making any hasty decisions, users should immediately report ransomware attacks to the appropriate local authorities. Legal professionals and cyber security experts can provide guidance on the right course of action, so you don’t have to deal with the issue alone.

Developing cybersecurity policies

As ransomware upends lives and markets in the Asia Pacific region, United Nations Office on Drugs and Crime (UNODC) invited the public to attend the virtual launch of its ransomware campaign on Feb. 18.

The event saw expert opinions delivered from notable private and governmental agencies across to region during a panel discussion.

The virtual launch of ransomware campaign was held by United Nations Office on Drugs and Crime (UNODC) on Feb. 18. Photo by UNODC

Alexandru Caciuloiu, Cybercrime and Cryptocurrency advisor at UNODC, says that governments must take measures to educate and empower users to protect themselves against ransomware. “A clear government policy to address ransomware is essential,” he stated.

“Government needs to put stronger focus on raising awareness of cyber threats and risks and educating users on best cyber security practices. These efforts should be implemented as part of national policies. It’s important that the public, companies, and organizations are aware of which actions to take in the event of ransomware attacks”.

Read the UNODC report on Darknet Cybercrime Threats to Southeast Asia and RansomAware Campaign Website to learn more about this issue and how to arm yourself against it.