Singapore Authorities Warn Businesses of Bitcoin Ransomware Threat

Singaporean authorities have warned businesses sternly about the growing threat of Bitcoin (BTC) ransomware.

Understanding the Bitcoin Ransomware Menace

As digital currencies gain prominence, cybercriminals increasingly resort to ransomware attacks to extort money from unsuspecting victims. These attacks involve encrypting the victim’s files and demanding payment, usually in BTC, for their release. With Singapore being a global financial hub and a tech-savvy nation, the risk of such attacks cannot be underestimated.

On June 8 2024, Singaporean authorities issued a joint advisory alerting local businesses about the rising threat of Akira ransomware that stole $42 million from over 250 organisations across North America, Europe and Australia within a year, now actively targeting businesses in Singapore. The warning follows reports from various agencies, such as the Cyber Security Agency of Singapore, the Singapore Police Force, and the Personal Data Protection Commission, who have recently been informed of multiple complaints from individuals and organisations affected by the cyber assault. 

Rising Incidents and Vulnerabilities

Recent incidents highlight the rising prevalence of BTC ransomware attacks targeting businesses across several sectors in Singapore. Cybercriminals often exploit vulnerabilities in outdated software, weak passwords, or unsuspecting employees through phishing emails to access a company’s network. Once inside, they deploy ransomware, encrypt critical files, and demand payment in BTC for decryption keys, crippling operations and causing significant financial losses.

Earlier inquiries by the United States Federal Bureau of Investigation (FBI) revealed that Akira ransomware has been focusing its attacks on businesses and critical infrastructure establishments. Kaspersky, a cybersecurity company, recently discovered North Korean hackers were directing their attacks towards South Korean crypto businesses using Durian malware. Kaspersky noted, “Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads, and exfiltration of files.”

Mitigating the Threat

In response to this growing threat, Singaporean authorities urge businesses to bolster their cybersecurity measures and adopt proactive strategies to minimise the risk of BTC ransomware attacks. Here are some key recommendations:

1. Regular Software Updates and Patch Management: Keeping all software and systems up-to-date with the latest security patches is crucial in thwarting potential ransomware attacks. Cybercriminals often exploit vulnerabilities in outdated software to gain unauthorised access to networks.
2. Strong Password Policies: Implementing strong password policies, including regular password changes and complex passwords, can significantly reduce the risk of unauthorised access to systems and networks. Employees should also be trained on password security and phishing awareness.
3. Employee Training and Awareness: Educating employees about the dangers of phishing emails and other social engineering tactics is essential in preventing ransomware attacks. Employees should be trained to recognise suspicious emails, links, and attachments and immediately report any unusual activity to the IT department.
4. Data Backup and Recovery: Regularly backing up critical data and maintaining offline backups can help mitigate the impact of ransomware attacks. In the event of an attack, businesses can restore their systems and files from backups without paying the ransom.
5. Network Segmentation and Access Controls: Implementing network segmentation and access controls can limit the spread of ransomware within a network and prevent unauthorised access to sensitive data. Restricting user privileges based on job roles and responsibilities can also help minimise the impact of ransomware attacks.
6. Incident Response Plan: Developing and testing an incident response plan is essential for effectively responding to ransomware attacks. This plan should outline the steps during an attack, including isolating infected systems, contacting law enforcement, and communicating with stakeholders.

The Singaporean authorities have advised businesses that have been compromised to refrain from paying ransom to the attackers. Members affiliated with Akira demand crypto payments, notably in BTC, in exchange for relinquishing control of compromised computer systems and internal data. Despite this, Singaporean authorities have advised businesses against complying with these demands for payment.

They said, “If your organisation’s systems have been compromised with ransomware, we do not recommend paying the ransom and advise you to report the incident immediately to the authorities. Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data.” Moreover, malicious actors might try to launch subsequent attacks in anticipation of securing a higher ransom.

The FBI discovered that Akira never contacts victims but expects them to initiate communication. Specific suggested strategies for mitigating threats include establishing a recovery strategy and utilising multifactor authentication, filtering network traffic, deactivating unused ports and hyperlinks, and implementing system-wide encryption.