Kaspersky links a 64% year-on-year fall to the decline of WannaCry

UPDATED The number of ransomware attacks being launched against small and medium-sized enterprises (SMEs) in Southeast Asia has plummeted this year, according to data from Kaspersky.

The cybersecurity firm says that the number of attacks it has detected and blocked in the region fell from 1.4 million between January and June 2019 to around half a million in the first half of 2020 – a decline of more than 64%.

The sharpest reduction in detections – 89.79% – was seen in Singapore, followed by Malaysia (87.65%), and Indonesia (68.17%).

Sharp drops were also recorded in the Philippines, Thailand, and Vietnam.

Nevertheless, Indonesia and Vietnam still respectively recorded the fourth and eighth most ransomware attacks in the world in the second quarter of 2020, with China, Brazil, and Russia topping Kaspersky’s global rankings.


Read more of the latest cybersecurity news from across Asia


Fedor Sinitsyn, senior malware analyst at Kaspersky, noted that the region-wide fall in attacks mirrored the decline of WannaCry ransomware campaigns, which caused global chaos in 2017 by exploiting security flaws in outdated Microsoft Windows systems.

“The main factor that contributed to this decrease is the gradual decline of the WannaCry ransomware,” he said. “Most probably, with systems getting patched, this uncontrolled worm gets less targets over time.”

However as one threat recedes, another more sophisticated threat is emerging, warned Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.

“The spray and pray tactic of ransomware creators may be over but we are also observing the rise of more dangerous targeted ransomware,” he said.

“The recent headline-grabbing incidents involving Maze ransomware and the recent WastedLocker attack, which allegedly earned $10 million in one infection, should be a clear reminder for all companies, however small, that we need to beef up our cybersecurity now more than ever against this costly threat,” he added.

Regional targets

The downward trend in ransomware attacks was witnessed worldwide, although Kaspersky previously reported only a “moderate decline” between the start of 2018 and the first quarter of 2020.

“The dwindling number of detections of Wannacry, which has been the most prevalent ransomware for the past couple of years, plays the main role” in the worldwide fall in ransomware attacks, Fedor Sinitsyn told The Daily Swig. “As it is a global threat which doesn’t have the capability to distinguish its targets geographically, its decline affected all regions simultaneously.”

Africa and the Middle East were the regions hardest hit by ransomware gangs, owing to turbulent political situations in many countries and widespread security shortcomings.

Ransomware groups also continue to target healthcare, governmental, and educational institutions, which often have serious security deficiencies and can least afford downtime or the loss of sensitive personal data.

Some 45% of public sector organizations were hit by ransomware last year, according to figures from Sophos (PDF).

The cybersecurity firm also found that 94% of organizations whose data was encrypted successfully retrieved their data, 56% of which via backups and 26% by paying the ransom.


This article was updated on September 9 with the addition of comments from Fedor Sinitsyn of Kaspersky


RECOMMENDED How do you solve a problem like REvil? Recent GandCrab arrest will have ‘no impact’ on successive ransomware campaign