Singapore branch of Tokio Marine Insurance hit by ransomware attack

Tokio Marine Insurance Singapore (TMiS) said that they were targeted by a ransomware attack on July 31, 2021.

According to the company, their internal Windows servers were targeted by ransomware and their IT security systems were activated resulting in the affected servers being isolated and action taken to recover the servers.

We don’t know how successful they were at recovery, but TMiS said that none of their core insurance operating systems were affected.

They have appointed an external vendor to carry out the forensics investigations and testing that are still ongoing, but there is no indication of any loss of customer information or confidential information so far.

TMiS said that they took time to report the attack as they have been conducting analysis and investigation to confirm the whole picture of the case.

“We have also been cooperating with local regulatory agencies and the police department and we decided to make the case public at this timing. We endeavour to adequately respond to the case and will further disclose more information if we deem it necessary,” a TMiS spokesperson said.

While they currently have no timeline for the investigation as they want to be as complete as possible, customers who are concerned about their data can contact the company through feedback channels.

Paying isn’t always the best option

We asked Ian Hall, Head of Client Services, APAC from Synopsys Software Integrity Group what SMBs and end-users could do to protect themselves when even enterprises were falling victim to ransomware attacks, and he said:

Corporations are obviously the bigger targets with potential multi-million-dollar ransoms being paid but end-users are also targets. They are targets not just for ransomware that encrypts data but also extortion-ware where attackers threaten to expose private details or photos.

An end-user should pay attention to basic online hygiene such as ensuring that a strong password is used which is not duplicated on many sites, ensuring that the software on your own computer is up-to-date and of course being wary of phishing attacks.

For SMBs, he said that any organisation should begin the response to a ransomware attack long before the attack in the form of preventative measures, backups and an incident response plan.

In this case, the preventative measures have been bypassed so the incident response plan should be put into action where they will need to assess the two options – whether to recover the data and systems using backups or to pay the ransom.

The assessment on which option to take has many different factors – the downtime needed to restore backups, the cost of the downtime, the cost of the ransom, and the trustworthiness of the attacker.

We also asked if paying the ransom was a good idea and Hall cautioned that while paying a ransom does sound like a quick fix but there are downsides even if the ransom is affordable.

"The decryption software provided by attackers may not work leading to corrupted data, the attacker may simply not provide anything after the ransom has been paid," Hall said, "Finally, paying any ransom will simply encourage more attackers in future."

This article was first published in Hardware Zone.