A Closer Look at Ransomware Attack Trends in APJ
Since the onset of the COVID-19 pandemic, the Asia-Pacific and Japan (APJ) region has seen a surge in cyberattacks. Asia was the most attacked region last year and ransomware was the top attack type. More than 80% of organizations in APJ were hit by ransomware attacks at least once in the last five years, with only 32% disclosing the incident.
Akamai researchers have been researching and analyzing ransomware as a service (RaaS) providers to uncover the underlying mechanisms that have contributed to their success.
We recently released the Akamai Ransomware Threat Report APJ Deep Dive H1 2022, which presents an in-depth analysis of Conti, one of the most prolific RaaS providers. The Conti RaaS group reportedly reaped US$180 million in ransom payments in 2021. However, in May 2022, news surfaced that the group had disbanded, with its members reportedly joining smaller ransomware groups, possibly to evade law enforcement.
Countries in APJ hit by Conti attacks
Australia, India, Indonesia, New Zealand, and China were the five countries with the highest number of Conti cyberattacks in APJ. Australia topped the list with 45%, followed by India and Indonesia.
It’s not surprising to see India and Indonesia on the list, as both countries have been experiencing a significant increase in cyberattacks. For instance, the number of cyberattacks against organizations in India increased by 25% over the previous year, and Indonesia suffered more than 11 million cyberattacks in Q1 2022 alone.
The APJ region accounted for approximately 5% of Conti’s ransomware victims globally. This is partially due to the Conti group’s heavy focus on Europe, the Middle East, and Africa (EMEA) and North America. However, it is essential to note that a low regional attack count says nothing about the severity of a single attack: one successful intrusion can still be devastating to the affected organization. In addition, other RaaS groups may show different targeting patterns than Conti. As such, organizations in APJ need to remain vigilant and keep abreast of the latest security risks.
Vertical distribution of Conti cyberattacks
Business services
Our analysis of the vertical distribution of attacks revealed that business services was the most victimized industry in APJ. Successful attacks on this vertical are dangerous because of the supply chain risk they create: cybercriminals may compromise a third party, such as a business services company, to gain a foothold in that company’s higher-value customers.
One such example is a Taiwanese company that acts as a supplier and contractor for, among others, a high-end automobile manufacturer and a consumer electronics company; it suffered a Conti attack in 2022. Although the attack reportedly affected only noncritical systems, it highlights the security risk that a third party can introduce to the organizations that depend on it.
Critical infrastructure
The APJ region also shows a significantly larger percentage (13.6%) of Conti attacks against critical infrastructure than other regions. Attacks on this vertical could have catastrophic, real-world consequences.
Case in point: One of the largest electricity providers in Australia was hit by a Conti attack in 2021. The cyberattack did not disrupt their services, but it’s not hard to imagine the detrimental effects if it did.
Retail and hospitality
Retail and hospitality combined was the second-most attacked vertical in APJ. The commerce industry holds troves of confidential information, such as personally identifiable information (PII) and credit card numbers, making it a lucrative target.
The ramifications of ransomware attacks
Ransomware attacks cost US$20 billion globally in damages in 2021. It is predicted that such costs will likely increase to approximately US$265 billion annually by 2031. When organizations get hit by ransomware attacks, they may suffer downtime resulting in loss of productivity, brand and reputation damages, remediation and recovery costs, and legal fees, among other problems.
It is worth noting that the ramifications of ransomware attacks can extend far beyond their impact on an individual company. Earlier, we mentioned that more than 65% of organizations in Asia did not disclose that they had suffered a ransomware attack. Two of the primary reasons for nondisclosure are fear of being attacked again and fear of a tarnished reputation, which could subsequently lead to customer and financial losses.
SMBs: hit by Conti attacks
We also looked closely at the revenue ranges of organizations that were hit by Conti attacks. More than 40% of victimized organizations have annual revenue of up to US$50 million. We can surmise that the Conti group targets small and medium-sized businesses that have the capacity to pay the ransom but lack the resources and cybersecurity technologies of larger enterprises.
Another interesting trend is that 18% of affected organizations in APJ are in the US$1 billion revenue bracket. This is in contrast to the global trend, which shows a relatively low percentage in this bracket.
Double extortion tactics
Ransomware is a largely financially motivated attack type. And businesses, regardless of their size, hold confidential and sensitive data — such as PII, trade secrets, and proprietary information — which makes them viable targets.
RaaS groups like Conti are known for double extortion tactics, in which they exfiltrate confidential data before encrypting files. As such, victims may be compelled to pay the ransom even though they have backups: backups restore availability, but they do nothing about the copy of the data the attackers already hold. Refusing to pay could lead the attackers to sell the stolen information to the highest bidder or use it in follow-on attacks.
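The exfiltrate-then-encrypt sequence described above leaves two correlatable traces: a burst of file renames to a new extension by one process, preceded by unusually large outbound transfers from the same host. The following is an added example of a correlation rule for that pattern; it is not code from the Akamai report, and all telemetry, hostnames, process names, thresholds and the 203.0.113.0/24 documentation address are constructed assumptions.

```python
"""Added example (not from the Akamai report): correlate a mass-encryption
burst on a host with bulk external egress from that host shortly before it,
the footprint double-extortion ransomware tends to leave in endpoint and
flow telemetry. All events below are constructed for illustration."""

from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from pathlib import PureWindowsPath

# --- Constructed telemetry (assumed shapes, not a vendor log format) -------
# File-rename events: (timestamp, host, process, old_path, new_path).
FILE_EVENTS = [
    ("2022-03-01T01:58:00", "fs01", "explorer.exe",
     r"C:\share\q1\draft.docx", r"C:\share\q1\report.docx"),  # benign: same extension
]
# 30 renames to a new extension by one process inside 30 seconds.
FILE_EVENTS += [
    (f"2022-03-01T02:10:{i:02d}", "fs01", "svc_update.exe",
     rf"C:\share\q1\file{i}.xlsx", rf"C:\share\q1\file{i}.xlsx.locked")
    for i in range(30)
]
# Egress flow records: (timestamp, host, dst_ip, bytes_out).
NET_FLOWS = [
    ("2022-03-01T00:40:00", "fs01", "203.0.113.7", 420_000_000),  # external (TEST-NET-3 stand-in)
    ("2022-03-01T01:05:00", "fs01", "203.0.113.7", 380_000_000),
    ("2022-03-01T01:10:00", "bk01", "10.20.0.5", 9_000_000_000),  # nightly backup, internal
    ("2022-02-27T03:00:00", "fs01", "203.0.113.7", 900_000_000),  # outside the lookback
]

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]  # assumed internal address space


def _ts(s):
    return datetime.fromisoformat(s)


def _ext(path):
    return PureWindowsPath(path).suffix.lower()


def detect_encryption_bursts(events, window=timedelta(seconds=60), threshold=20):
    """Return {(host, process): (first_ts, count, new_extensions)} for every
    process that renamed at least `threshold` files to a different extension
    within any `window`-long interval. Same-extension renames are ignored."""
    per_actor = defaultdict(list)
    for ts, host, proc, old, new in events:
        if _ext(old) != _ext(new):
            per_actor[(host, proc)].append((_ts(ts), _ext(new)))
    bursts = {}
    for actor, renames in per_actor.items():
        renames.sort()
        times = [t for t, _ in renames]
        j = 0  # sliding window end; only moves forward because times are sorted
        for i, start in enumerate(times):
            while j < len(times) and times[j] - start <= window:
                j += 1
            if j - i >= threshold:
                bursts[actor] = (start, j - i, {e for _, e in renames[i:j]})
                break
    return bursts


def bulk_egress(flows, host, before, lookback=timedelta(hours=6), min_bytes=500_000_000):
    """Sum bytes `host` sent to each external destination in the `lookback`
    window ending at `before`; return destinations at or above `min_bytes`."""
    totals = defaultdict(int)
    for ts, h, dst, nbytes in flows:
        t = _ts(ts)
        if h != host or not (before - lookback <= t <= before):
            continue
        if any(ip_address(dst) in net for net in INTERNAL_NETS):
            continue  # replication and backups to internal targets are expected
        totals[dst] += nbytes
    return {dst: n for dst, n in totals.items() if n >= min_bytes}


def correlate(events, flows):
    """One alert per encryption burst, flagged as likely double extortion when
    the same host pushed bulk data outside the network beforehand."""
    alerts = []
    for (host, proc), (start, count, exts) in detect_encryption_bursts(events).items():
        egress = bulk_egress(flows, host, before=start)
        alerts.append({
            "host": host, "process": proc, "burst_start": start.isoformat(),
            "renamed": count, "new_extensions": sorted(exts),
            "prior_bulk_egress": egress,
            "likely_double_extortion": bool(egress),
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(FILE_EVENTS, NET_FLOWS):
        print(alert)
```

The encryption half alone would fire on a legitimate bulk archiving job, and the egress half alone on a cloud migration; the correlation is what justifies treating the event as an extortion-with-leak scenario rather than an availability incident, which changes the response (legal notification, credential rotation) even when backups are intact.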
Summary
The tactics, techniques, and procedures (TTPs) used by the Conti group are not novel but continue to be highly effective. Although the Conti group has seemingly halted its operations, our insights and analysis of Conti’s TTPs can help security practitioners defend their networks and data against similar attacks.