By 
Singaporean authorities have issued a strong advisory to businesses, cautioning against paying ransoms in the event of ransomware attacks. They urge immediate reporting of incidents to the relevant authorities.
Singapore Issues Ransomware Alert
The ransomware known as Akira, which has extorted $42 million from over 250 organizations across North America, Europe, and Australia within a year, is now targeting businesses in Singapore.
A joint advisory from the Cyber Security Agency of Singapore, the Singapore Police Force, and the Personal Data Protection Commission has alerted local businesses to the rising threat posed by an Akira ransomware variant.
Recent Complaints and Investigations
Several victims of Akira’s cyberattacks have recently lodged complaints with Singaporean authorities. The United States Federal Bureau of Investigation (FBI) has previously identified Akira as targeting businesses and critical infrastructure entities.
Detection and Neutralization Strategies
Authorities have provided guidance on detecting, deterring, and neutralizing Akira ransomware attacks. Businesses that have been compromised are strongly advised against paying ransoms.
Warning Against Ransom Payments
Akira ransomware perpetrators demand payments in cryptocurrencies such as Bitcoin (BTC) to return control of hijacked systems and data. However, Singaporean authorities emphasize that paying ransom does not guarantee data decryption or that attackers will not publish stolen data. They advise:
“If your organization’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.”
Additionally, paying ransom may encourage malicious entities to attempt further attacks in hopes of additional payments. The FBI has noted that Akira rarely initiates contact with victims, instead expecting victims to reach out.
Recommended Mitigation Techniques
Businesses are advised to implement various threat mitigation techniques, including:
- Establishing a recovery plan
- Using multifactor authentication
- Filtering network traffic
- Disabling unused ports and hyperlinks
- Applying system-wide encryption
Cybersecurity Best Practices
The advisory highlights best practices against ransomware attacks, as outlined by the Cybersecurity and Infrastructure Security Agency (CISA).
Related Developments
A recent report from cybersecurity firm Kaspersky revealed that North Korean hackers have been targeting South Korean cryptocurrency businesses using Durian malware. Kaspersky noted that Durian has extensive backdoor functionality, enabling command execution, file downloads, and data exfiltration.
Moreover, Kaspersky suggested a possible connection between the North Korean hacking group Kimsuky and the more notorious Lazarus Group, as indicated by the use of the LazyLoad malware by Andariel, a subgroup within Lazarus.
In light of these threats, businesses are urged to remain vigilant and take proactive measures to safeguard their systems and data.
Comments