Singapore firms sitting ducks for ransomware attacks: study

Firms have paid as much as $1.87m when their data was held hostage.

Singapore firms data may not be safe as 1,300 security professionals said that more than half of organisations globally suffered ransomware attacks, according to a study by cybersecurity expert Cybereason.

In some cases some Singapore firms, in their panic in losing getting locked out of their own system, opt to pay the ransom. But according to Cybereason, 90% of those who do pay just open themselves up for the possibility of a second cyber attack.

In the 100 Singapore companies the cybersecurity expert surveyed, 25% of businesses who did pay the ransom suffered a second attack, often at the hands of the same perpetrators.

The research also divulged that of the organisations who opted to pay a ransom demand to regain access to their encrypted systems, 28% reported that some or all of the data was corrupted during the recovery process. 

“These findings underscore why it does not pay to pay ransomware attackers, and that organisations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy,” Cybereason said.

Further findings revealed that 25% of organisations reported a significant loss of revenue following the ransomware attacks. 40% of organisations indicated that their brand and reputation were damaged as a result of a successful attack whilst 37% of businesses that paid a ransom demand shelled out between US$140,000 ($186,939) to US$1.4m ($1.87m). Another 5% paid ransoms exceeding  US$1.4m ($1.87m).

Even worse, 20% of organisations were forced to shut down operations entirely due to these attacks.

“Singapore businesses must understand that paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again, and in the end only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business,” Leslie Wong, regional vice president for Asia Pacific at Cybereason said.