January 02, 2017
Wedding photographer Chan Kar Mun knew something was amiss when her computer rebooted to an unfamiliar screenshot instead of her usual home screen.
The screenshot said her files and folders, which include edited photographs she was due to send to her clients, have been encrypted and locked. It was followed by a list of instructions on how she can pay a ransom of more than $1,000 to get her files back.
"I could not believe I was hit by a virus that I have not even heard of before," said Ms Chan.
She tried downloading antivirus software but to no avail. Luckily, she had a backup set of raw footage.
Ms Chan was a victim of ransomware. According to antivirus software firm Symantec's latest Internet security threat report, Singapore ranks 42nd globally in terms of ransomware by destination, with 16 total attacks a day and a total of 5,767 attacks in 2015.
Ransomware is a type of malicious software which locks an infected computer or mobile device, holding it hostage unless the user pays the hacker a ransom to unlock it. Because the software encrypts data so securely, it is almost impossible for anyone else except the hacker, who holds the decryption key, to unlock an infected device.
The Cyber Security Agency (CSA) saw almost a tenfold increase in reported ransomware cases last year, up from only two cases in 2015. Eighteen cases were reported last year but Mr Dan Yock Hau, director of CSA's National Cyber Incident Response Centre, said the number of victims may be higher as most cases tend to go unreported.
"Ransomware is a lucrative business for cyber criminals," Mr Dan told The Sunday Times. "We expect ransomware incidents to continue on an upward trend globally and in Singapore as well."
Cyber security firms place ransomware as the No. 1 global cyber security threat. Singapore is especially susceptible to it, they say, given its high Internet penetration rate.
Symantec security advocate Nick Savvides said: "Singapore's growing reputation as a commercial hub, and high connectivity will make it an attractive target to cyber criminals."
Cyber security experts warn that smaller businesses and even individuals may fall prey to ransomware, as hackers are targeting more victims for small amounts of ransom, rather than a few large, high-profile targets.
Their favourite way of collecting ransom is via bitcoin - an encrypted online currency that cannot be tracked or traced back to them.
The current going rate for one bitcoin is about $1,300 - which puts the average ransom amount in the range of $1,000 to $3,000, depending on the exchange rate and how much the hackers demand.
Ransomware can spread easily through e-mail, or by malicious advertisements or pop-ups that appear when users access unsafe websites.Experts advise users to constantly back up their files so that should they be victims of ransomware, they have updated files to fall back on.
Users should also patch their software and applications regularly, and to install a browser add-on to block pop-ups which might be used to inject malicious software. They also say never to pay the ransom to the hackers.
"There is no guarantee that the attacker will decrypt the files as promised once they receive payment," said Mr Savvides.