‘Asleep at the wheel’: cybersecurity experts continue tirade against Hong Kong firms as ransomware attacks proliferate

About 40 attacks reported in last two months, but one security firm says it detected 24,000 cases of Locky ransomware hacking attempts in March alone

PUBLISHED : Thursday, 07 April, 2016, 3:16pm
UPDATED : Thursday, 07 April, 2016, 3:16pm

Organisations in Hong Kong are ill-prepared to deal with rising ransomware attacks, cybersecurity experts said this week after scores of incidents were reported to local authorities in the last two months.

In such cases, attackers usually distribute malware to devices using spam e-mail campaigns. When the user clicks on the malicious content, the malware encrypts all of the files on their device. The files are only released upon receipt of a ransom, often paid in the cryptocurrency Bitcoin.

At least 40 ransomware attacks have been reported to the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) since February, according to SC Leung, a senior consultant at the body. He said the number of known incidents is likely to be only a “small fraction” of the total.

Security outfit Fortinet detected almost 24,000 cases of Locky ransomware attempts in Hong Kong in March, four times more than in February, according to the company’s security strategist Jack Chan.

Locky is a newer strain of malware that was spread through aggressive e-mail campaigns in March. It is known for having a mature infrastructure, advanced encryption and for localising its messages to users based on the language of the infected device’s operating system. At least 15 of the cases reported to HKCERT were due to infection by Locky malware.

The growth of such attacks hints at a lack of cybersecurity expertise among local organisations, according to Albert Wong, chairman of Hong Kong’s Association of IT Leaders in Education.

Ransomware attacks in the city mostly target SMEs and NGOs. These are regarded as easy targets due to their paucity of cybersecurity measures, said Fred Sheu, Microsoft’s national technology officer for the city.

But local schools are also falling victim with over 10 ransomware incidents reported in the last two months, according to Wong. In some cases, the schools’ websites were defaced along with files on the network drive.

“The management of most Hong Kong organisations are, quite frankly, asleep at the wheel when it comes to cybersecurity, and the enormous level of risk involved,” said Michael Gazeley, CEO of security company Network Box.

“Most organisations are still not scanning encrypted traffic entering their networks for malware attacks like ransomware.”

But what makes ransomware so effective for hackers is the social engineering aspect they deploy, said Leung. In some cases, attackers spy on a network to learn about the organisation before sending out an email that looks legitimate, he said.

“By using social engineering, the target is human weakness,” Leung said.

“Many blame systems like antivirus and firewalls for not defending them against attacks, but a lot of the time, it is the users who open unsolicited email attachments [and manually execute the embedded malware].”

Bryce Boland, chief technology officer for Asia-Pacific at cybersecurity firm FireEye, said that a majority of businesses are often less prepared for ransomware attacks than they realise.

“Companies think they are prepared, they think that they have online backup solutions, but some of those online systems will also be encrypted by ransomware,” said Boland.

“In many cases, companies invest a lot of money in what they think will protect them from attacks, but when they occur they find that they have absolutely no protection at all.”

The implications of ransomware are more sinister than just losing access to personal data or taking a financial hit by paying the ransom, according to Boland.

Instead of targeting enterprises in general, organised crime groups could start targeting groups of organisations such as financial institutions, or utility companies at the same time, rendering companies unable to provide their services unless they all pay the attackers.

“You could end up with situations where people can’t take money out of the ATMs, where transactions and payments cannot be completed [until attackers decrypt the files],” said Boland.

Yet ensuring that a ransomware attack does not leave users without any access to their data is relatively simple, according to experts.

Microsoft urges users to keep a backup copy of their files offline, or to save their backup only on a trusted cloud storage service. The company also advises users to keep their operating systems and software up to date.

Gazeley advises users not to open e-mails or attachments from unknown senders, and to avoid clicking on links in suspicious e-mails even if they claim to come from companies such as PayPal.

“If you are suspicious of an e-mail you’ve received, hover your cursor over the link displayed and, oftentimes, malware emails will display a completely different URL than what it is pretending to be,” said Gazeley.