SINGAPORE: Three out of five – or 64 per cent – of Singaporean firms paid a ransom during cyberattacks in 2023, a survey by data security firm Cohesity has found.
Of these, 36 per cent paid at least US$500,000, according to the study which was released earlier in July.
In ransomware attacks, threat actors use malicious software to encrypt files on a device, then demand ransom, typically in cryptocurrency, in exchange for undoing their work.
Singapore’s Cyber Security Agency (CSA) said in response to queries from CNA that the number of local ransomware incidents reported last year “remained high” at 132 cases, the same as the year before.
Ransomware activity has generally been rising around the world.
In CSA’s Singapore Cyber Landscape 2023 report published on Tuesday (Jul 30), it noted a record number of ransomware victims reported globally last year, with a 49 per cent jump from 2022.
“Ransomware criminal actors are opportunistic and look for weaknesses in unsuspecting companies’ or organisations’ cybersecurity to make easy money,” said the agency.
CSA reported that manufacturing remained the No 1 industry affected by ransomware, with construction second.
These two sectors might have been targeted as their level of cybersecurity might not have been as mature. They might also be more susceptible to being pressured to pay up, rather than face costly operational disruptions and project delays, said CSA.
For its survey, Cohesity polled 302 IT and security executives in Singapore between late June and early July, with most hailing from sectors like IT, telecommunications, manufacturing, healthcare and financial services.
Of the 64 per cent who paid ransoms, almost half – 47 per cent – coughed up between US$100,000 and US$499,999.
Nearly all respondents believed the threat of cyberattacks on their industry would increase or had already increased this year.
A significant majority – 80 per cent – said their company would pay a ransom to recover data and restore business processes.
Almost 60 per cent said their company would be willing to pay over US$1 million in ransom, with 16 per cent saying they would shell out over US$5 million.
In April, Singaporean law firm Shook Lin & Bok was hit by a ransomware attack and paid US$1.4 million in Bitcoin to the Akira ransomware group. The attackers’ initial demand of US$2 million was negotiated down after a week.
In the Cohesity survey, 71 per cent of respondents said their companies actually had “do not pay” policies. For 64 per cent to pay up despite such guidelines is a “major concern”, said Cohesity’s global cyber resilience strategist James Blake.
Asked to respond to the survey, CSA said cybersecurity firms like Cohesity regularly produce such reports “based on their own intel and research for their various stakeholders”.
“We note that they are, in their own ways, providing insights into the multitude of cyber threats out there in cyberspace,” said the agency. “However, as this is an independent investigation report by a commercial entity, we have no comment on its contents.”
CSA, however, told CNA it “strongly discourages ransom payments”.
“With ransomware attacks rising globally, it is vital for organisations to take steps to better protect their systems and data from attacks,” it added, noting that measures in this space have been introduced over the years.
For instance, CSA has issued advisories, cybersecurity toolkits and certification schemes for companies. It also works with international partners to disrupt the ransomware criminal industry.
In the event of a ransomware attack, companies should visit the Singapore Police Force’s Ransomware Portal, which has resources to assist in recovery efforts, said CSA. Companies should also report the incident to CSA’s Singapore Cyber Emergency Response Team or SingCERT.
If necessary, a cybersecurity vendor with relevant expertise can be engaged.
Under Singapore’s Cybersecurity Act, ransomware incident reporting is mandatory for regulated entities or computer systems.
These include Critical Information Infrastructure – necessary for the continuous delivery of an essential service – and foundational digital service providers such as cloud services and data centres.
Despite the global rise in ransomware attacks, “the increase is not at an alarming rate”, Associate Professor Liang Zhenkai from the National University of Singapore’s department of computer science told CNA.
“Ransomware has been around for many years, with a big surge during the COVID-19 pandemic due to the large-scale work from home arrangement,” he explained.
He urged firms to remain vigilant, including by having good data backup and recovery as well as cyber hygiene processes.
These include not downloading and running programmes from unknown sources, and not using accounts with administrator privileges for day-to-day tasks.