Singapore has released what it says is a plan to combat the growing threat of ransomware, offering guidelines on how to mitigate such attacks. These include a reference ransomware “kill chain” and recommendations on whether to pay ransom demands.
Ransomware risks have dramatically increased in scale and impact, becoming an “urgent” issue that countries like Singapore need to address, the Cyber Security Agency (CSA) said in a statement on Wednesday.
“This is by nature an international problem, as attackers operate across borders and jurisdictional boundaries to evade justice,” the government agency said. “Fueled by illicit monetary gains, ransomware has created a criminal ecosystem, offering criminal services ranging from unauthorized access to targeted networks to money laundering services.”
To address the challenge effectively, it stressed the need for coordination among cybersecurity, law enforcement and financial regulatory agencies, as well as support for global collaboration.
This had prompted Singapore to set up an inter-agency task force earlier this year, made up of senior representatives from various ministries and government agencies, including the CSA, the Government Technology Agency, the Ministry of Defence, the Monetary Authority of Singapore and the Singapore Police.
The working group focused on three main outputs. The first is a reference model for a ransomware kill chain, which would serve as the basis for government agencies to coordinate and develop anti-ransomware solutions. It also reviewed the country’s policies on ransom payments and made recommendations on operational plans and capabilities needed to effectively combat ransomware.
The kill chain outlines five stages of a ransomware attack, starting with the phases before the ransomware is activated, when attackers gain access to the targeted system and perform preparatory steps such as data exfiltration and deletion of backups. Stealth is a priority here, and attackers have been known to complete these steps months before activation, depending on the plan.
The report stressed that “prevention is better than cure,” adding that cutting the kill chain at the first two stages should be the priority.
“Having a common reference model of a ransomware kill chain will allow countries to better understand each other, facilitate information sharing, compare ransomware best practices, and identify gaps in measures. existing national laws,” the task force said in the report.
The plan also supported Singapore’s position that paying ransoms should be “strongly discouraged,” as it would further aggravate the ransomware problem, since payment is the attackers’ primary goal.
Moreover, paying the ransom does not guarantee that the data will be decrypted or that the data will not be released by the hackers. The task force noted that organizations that chose to pay the ransom could be identified as “soft” targets and be hit again.
In addition, paying ransoms in such attacks under certain circumstances may breach the Terrorism Act 2002, which criminalizes the financing of terrorist acts.
With this in mind, the task force recommended that government agencies and Critical Information Infrastructure (CII) owners consider the risk and notify CSA and law enforcement, in the event of an attack by ransomware, before making any ransom payment.
It also suggested that the government consider four key action plans, including strengthening the cyber defenses of high-risk targets, such as CIIs and government agencies, as well as supporting recovery so that victims of ransomware attacks do not feel obligated to pay the ransom.
According to CSA, the number of reported ransomware cases rose to 137 last year, up 54% from 2020, with SMBs in sectors such as manufacturing and IT being the main victims of these attacks. It added that ransomware groups targeting SMBs in Singapore have leveraged the ransomware-as-a-service model, which has made it easier for hobbyist hackers to use existing infrastructure to push out ransomware payloads.