Palo Alto Networks reports almost 60% jump in PH ransomware attacks in 2022

Ransomware and extortion cases in the Philippines jumped by 57.4% in 2022, according to the 2023 Unit 42 Ransomware and Extortion Report, a compilation of findings from Palo Alto Networks Unit 42 incident response work on about 1,000 cases over the past 18 months.

The report recorded 11 reported cases across key sectors in 2022. Threat actors were found to be using more aggressive tactics to pressure organizations, with harassment involved 20 times more often than in 2021.

The harassment was usually carried out through phone calls and emails—targeting a specific individual, usually in the C-suite, or even customers, to pressure them into paying a ransom demand.

Based on the same report, the Philippines ranked No. 4 in Southeast Asia in terms of ransomware and extortion cases online—accounting for about 12% of attacks across the region. The country tied with Malaysia in rank. The 11 reported cases in the Philippines and Malaysia were higher than 9 in Vietnam but lower than 14 in Indonesia, 18 in Singapore, and 28 in Thailand. Across the Asia-Pacific region, ransomware and extortion attacks rose by 35.4% to 302.

Manufacturing, professional and legal services, and state and local governments were still the most targeted sectors in the Philippines during the period.

Thirty organizations on the Forbes Global 2000 list were publicly affected by extortion attempts in 2022. Since 2019, at least 96 of the organizations have had confidential files publicly exposed to some degree as part of extortion attempts. At least 75% of ransomware attacks handled by Unit 42’s Incident Response team resulted from attack surface exposures.

Every day, Unit 42 researchers see an average of seven new ransomware victims posted on leak sites—equating to one new victim every four hours. In 53% of Unit 42’s ransomware incidents involving negotiation, ransomware groups threatened to publish data stolen from organizations on their leak sites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done. Established groups like BlackCat, LockBit, and others contributed to 57% of the leaks, with new groups trailing close behind with 43%.
