SINGAPORE: There were 17 ransomware cases flagged to Singapore authorities in the first 11 months this year, up from just two in 2015, the Cyber Security Agency (CSA) said.
Ransomware attacks happen when cyber criminals encrypt files or lock a user's computer and then demand money for the user to regain access.
One of the firms that was hit in such fashion was a subsidiary of maritime supply chain management company BH Holdings. Two staff members tried to open an email attachment from an unknown source, recounts IT executive Roberto Ang. "They double-clicked on it, and they could not open it. So they thought that it's just some file that cannot be opened. So they just ignored it and continued working.
"Then after half a day, they started to find that they cannot access some of the files, and these had a weird extension."
That is when the alarm bells went off for Mr Ang. "I saw that there was a text file inside the encrypted folder that showed that it was ransomware, asking for payment to decrypt the files."
The company decided not to pay the ransom of US$1,000 (S$1,447). Instead, it spent a week rebuilding about 3,000 infected files, restoring the account and stock data from hard copy files.
After the attack, the company also invested in cyber insurance and added information on such advanced threats during its cybersecurity training sessions for staff held every quarter.
The CSA said it believes the number of ransomware cases may be higher as most cases go unreported. Indeed, the Internet Security Threat Report by Symantec estimates that there were an average of 16 ransomware attacks a day in Singapore last year, ranking the country eighth in the region for such threats.
Attackers tend to target businesses rather than individuals as they have more critical information that would compel them to pay up a ransom, an expert told Channel NewsAsia. The hackers are also getting craftier in their tactics. Symantec security advocate Tarun Kaura painted one such scenario. "Let's say I'm a HR professional in a specific enterprise, and I've been given a target for a recruitment drive. I have to hire a few people - it's important because there are deadlines," he said.
"If I go on public social websites saying I'm hiring ... someone (an attacker) can craft an email sending maybe a resume or information on a talent pool that I would want to look into. That's how they go after certain departments or people in an enterprise - by being more relevant and contextual to a business."
So how can users be on guard for such malicious emails? Mr Kaura advises people to look at the header of the email and scrutinise its contents. "If you see a bit of ambiguity in that in terms of how it's been named and where it's coming from, which domain it's coming from, it is easy for a consumer to figure out that this mail is not coming from a legitimate source.
"You should take a step back and see ... let's not click everything that comes to you."
The CSA said victims of ransomware can lodge a police report, or approach the Singapore Computer Emergency Response Team (SingCERT) for advice.