Kaspersky Says 2020 Most Productive Year For Ransomware 2.0 In Asia Pacific

It’s no surprise that you’ve been hearing about a lot more ransomware attacks lately. Cybersecurity firm Kaspersky confirmed a significant increase in Ransomware 2.0 attacks in the Asia-Pacific (APAC) region last year.

Ransomware 2.0 refers to the hacker shift from locking data to stealing data and holding it for ransom. “2020 was the most productive year for ransomware families who moved from hostaging data to exfiltrating data, coupled with blackmailing,” said Kaspersky Lead Malware Analyst Alexey Shulmin.

He added, “In APAC, we noticed an interesting re-emergence of two highly-active groups, REvil and JSWorm. Both resurfaced as the pandemic raged in the region last year and we see no signs of them stopping anytime soon.”

REvil, in particular, has achieved quite a bit of infamy in the last few months. The hacker group reportedly claimed they breached Acer and demanded from the company the largest known ransom ever of US$50 million (~RM205.6 million). Separately, it was reported that REvil ransomware can apparently change Windows passwords and then automate a system’s file encryption via Safe Mode.

Kaspersky noted that, back in 2019, REvil hackers mostly targeted victims in the Asia Pacific – particularly in Taiwan, Hong Kong, and South Korea. Last year, however, the cybersecurity firm detected the group’s presence in almost all countries and territories.

According to Kaspersky, the biggest chunk of REvil’s industrial targets falls under the Engineering and Manufacturing category (30%) followed by Finance (14%) and Professional and Consumer Services (9%).