Malaysia ranks 12th in Asia-Pac for number of ransomware attacks

Malaysia ranks 12th in Asia-Pac for number of ransomware attacks
PHOTO: The Star

HE wasn't the fastest, but Eugene (not his real name) feels like a champion after finishing his first marathon.

Posting a selfie he made public on his Facebook account, the 28-year-old later receives an e-mail congratulating him on the feat. "Click on this link to see more pictures and videos of the event," says the e-mail, which appears to be sent from the organiser of the run.

Curious and hoping to see images of himself, Eugene clicks open the link on his laptop but instead, gets a message telling him his device is now locked. All his files have been encrypted and he can't access them, including his work document to be submitted on Monday.

The only way he can retrieve them is to pay a hacker a ransom of US$300 (S$414) in Bitcoin currency. Such an incident, known as a ransomware attack, could very well happen to you if you are not careful.

To top it all off, these cases are expected to increase this year, with "very specific ransomware targeted very specifically at Malaysians" being detected, says Symantec (Asia Pacific and Japan) cyber security services senior director Peter Sparkes.

According to cybersecurity company Symantec Corporation, Malaysia ranks 47th globally, and 12th in the Asia Pacific and Japan region, in terms of ransomware attacks.

Last year, there were 5,069 ransomware attacks or 14 per day in Malaysia. But Sparkes foresees that these numbers will surge.

"Ransomware is very attractive because it makes lots of money. It'll be big here in the coming months, probably averaging 20 attacks per day.

"We've seen a lot of smartphone attacks recently. They love WhatsApp because the best way to get someone to click on a link is if it comes from someone you know," he says.

Sparkes describes such crypto ransomware as the latest, and most dangerous malware threat because it's near impossible to get rid of.

He adds that the experience is very emotional because many people do not back up their data.

"For individuals, losing personal data like photos and videos is traumatic so most victims will pay. Some will even tell you how to infect your friends to decrease your ransom," he reveals.

Ransomware hackers are also using help from psychologists and behavioural experts to study their victims on social media before sending them personalised messages to trigger a response.

But it is not just ransomware that needs to be taken seriously as Malaysians need to be vigilant over social media scams, with these two being named as key trends in the country now by Symantec Malaysia systems engineering director David Rajoo.

He says cybercrime is extremely widespread with one in three Malaysians surveyed having experienced it in the past year and 83 per cent know of someone else who was a victim.

"Consumers here lost an average of 27 hours and about RM8.9bil over the past year, dealing with the fallout of online crime.

"The amount of personal data stored online continues to grow, and while this free flow of data creates immense opportunities, it also opens the doors to new risks," he warns.

Cybercriminals preying on personal data are also a cause for concern here and globally.

Sparkes points out that personal assistants and those in human resources are popular targets because that's how cybercriminals gain access into an organisation's database.

"Take a hotel for example. I'd target the CEO's personal assistant. All I need is 200,000 of their best guests. If I sold the details at US$50, it's pretty good money for a day's work. HR staff's another good one because they look at CVs," he says.

Last year, 500 million personal information was breached globally. That, he says, is a conservative estimate.

Someone checks out your Facebook activities, creates a personalised e-mail to get you to click on a link, and that's it.

Everytime you download an app on social media, you could be giving access to your life, he cautions.

Of 10.8 million apps analysed in 2015, three million were collecting way more information than necessary, Sparkes says.

"Cyber scammers are also making you call them to hand over your cash," he adds.

They send fake warning messages to devices like smartphones, driving users to attacker-run call centres to dupe them into buying useless services.

The services industry is the most vulnerable sector in the country, attracting 72.4 per cent of spear phishing attacks.

There was also a significant spam increase with Malaysia jumping up the global ranking from 44 in 2014 to 23 last year, he adds, lamenting how many still don't realise that cybercrime is an industry.

Cybercriminals are professionals using very sophisticated tools and techniques.

"They work like any other legit organisation - it's a 9am to 5pm job with weekends off, holidays and proper offices. A lot of users still think it's 18-year-olds in the garage fooling around. Nothing could be further from truth. The guys sell info to the underground economy," Sparkes says.

Syndicates only need three things - cheap broadband, a cyber-savvy workforce they can hire, and countries where cyber laws are weak. Asia Pacific and Japan has invested significantly to give their population access to the Internet, he adds, explaining the shocking rise of cybercrime.

"I'm particularly concerned about the senior citizens as many are just discovering the Internet. They're very trusting and will download without questioning. People stress on being streetsmart, but it's just as crucial to be cybersmart," he feels.

More about

Purchase this article for republication.

BRANDED CONTENT

SPONSORED CONTENT

Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.