Landing page banner

• Lodge an online police report. Upon lodging a police report, the Singapore Cyber Emergency Response Team (SingCERT) under the Cyber Security Agency of Singapore (CSA) will also be notified
• If you are representing an organisation that has had a data breach incident that is likely to cause significant harm* to the affected individuals, OR affects a significant scale of individuals (i.e., 500 or more), you are legally required to notify the Personal Data Protection Commission (PDPC). For more information, visit the PDPC website. 

*To provide certainty to organisations on the data breaches that are notifiable, the PDP (DBN) Regulations 2021 provides the personal data (or classes of personal data) that is deemed to result in significant harm to affected individuals if compromised in a data breach. Where a data breach involves any of the prescribed personal data, the organisation will be required to notify the affected individuals and the PDPC of the data breach.

Timely reporting is necessary for law enforcement to conduct effective investigations and improve overall understanding of ransomware criminal operations.

If you know the type of ransomware affecting your computer and are looking for a decryption tool, visit the NoMoreRansom* website to check if a solution is available.

*SPF is a supporting partner of the “No More Ransom” website, an initiative by the National High Tech Crime Unit of the Netherlands Police, Europol’s European Cybercrime Centre, Kaspersky and McAfee that seeks to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Steps to take if you encounter a ransomware attack:

• Protect Your Systems and Data from Ransomware Attacks
• Ransomware Response Checklist
• Cyber Essentials mark: Singapore’s national cybersecurity certification standards for small organisations, including SMEs, to implement cyber hygiene for protection against common cyber attacks.
• CISO as-a-Service: Engage cybersecurity consultants appointed by CSA to develop a cybersecurity health plan for your organisation, with up to 70% funding support for eligible SMEs. Organisations impacted by cyber incidents may also approach the cybersecurity consultants for support on incident response and recovery.
• Data Protection Essentials (DPE): An initiative in promoting cybersecurity in Singapore that supports SMEs in acquiring a basic level of data protection and security practices to protect their customers’ personal data and recover quickly in the event of a data breach.
• Ransomware Guidance for Organizations - This guidance (PDF 1.1MB) aims to minimise the overall impact of a ransomware incident on an organisation and help reduce disruption and cost to businesses.
• Cybersecurity Toolkits: The Cyber Security Agency of Singapore (CSA) has tailored cybersecurity toolkits to help organisations take greater ownership of their cybersecurity. The toolkits provide information on cybersecurity issues to address common threats faced.

In collaboration with CSA

In collaboration with CSA

Ransomware commonly spreads through the following means:

• Phishing emails that contain malicious links or attachments. Clicking on these links typically results in the ransomware being downloaded from an external server.
• Malicious advertisements that may exploit vulnerabilities in the web browser to install ransomware, commonly known as “drive-by downloads”.
• Other methods include brute-force attacks, exploitation of insecure Remote Desktop Protocols (RDPs), unpatched Virtual Private Networks (VPNs), replication through removable media and spam campaigns.

Common signs of ransomware infection include:

• Pop-up messages requesting funds or payment to unlock files.
• You cannot access your devices, or are unable to login for unknown reasons.
• Files request a password/code to access them.
• Files have been moved or are not in their usual folders or locations.
• Files have unusual file extensions, or their names or icons have changed to something odd.

Example of Ransom Note ▼

Source: BleepingComputer.com

Here are some steps you can take to protect yourself from ransomware:

• Install anti-virus/anti-malware software and keep these (and their definition files) updated. Perform a scan of your systems and networks regularly, and scan all received files.
• Organisations can also consider implementing network segmentation that divides a larger network into smaller sub-networks with limited inter-connectivity between them. This will control traffic flow between the sub-networks, prevent lateral movement and limit the spread of ransomware, should one part be compromised.
• Use strong passphrases and enable Two-Factor Authentication (2FA) for all internet-facing services, particularly for webmail, VPNs and accounts that access critical systems.
• Be careful what you click on. Ransomware attacks often start with a malicious email or link. Be careful about clicking on links in emails from unknown senders.
• Back up your data regularly. If you have a recent backup of your data, you can restore it if your computer is infected with ransomware.

• Disconnect the infected computer from all network access, storage devices and Bluetooth devices.
• Scan and disinfect PC with antivirus or anti-malware programs.
• Visit the NoMoreRansom website to find out the type of ransomware affecting your device and check on the availability of the decryption tool.
• Perform data restoration from your backup sources. Most types of ransomware create some form of persistence in the infected computer, and may re-encrypt data if not properly removed. As such, be sure to perform data restoration on a clean installation that is completely free of the malware.
• Lodge an online police report.
• If you are an organisation and have a data breach incident that is likely to cause significant harm* to the affected individuals, OR affects a significant scale of individuals (i.e., 500 or more), you are legally required to notify the Personal Data Protection Commission (PDPC). For more information, visit the PDPC website.
• If your computer has been infected, you can contact SingCERT (Singapore Cyber Emergency Response Team) to report the incident and for further advice on what to do.
• If your organisation is a victim of ransomware, you may refer to CSA’s ransomware response checklist on steps to identify, contain, remediate and recover.

Ransomware is a cybercrime and should be reported to the Police. For any data breaches, report to the Personal Data Protection Commission (PDPC).*

*Note: If you are an organisation and have a data breach incident that is likely to cause significant harm* to the affected individuals, OR affects a significant scale of individuals (i.e., 500 or more), you are legally required to notify the Personal Data Protection Commission (PDPC).

The best way to prevent ransomware attacks is to take steps to protect your computer from malware. You can do so by following the steps below to ensure that your devices are adequately protected against malware:

• Ensure that your mobile phones and computing devices are updated regularly with the latest OS versions and install anti-virus applications that can detect and remove malware.
• Download files, including applications and updates, directly from official verified sources as this ensures that downloaded files are free from malware or viruses.
• Backup your data regularly in a separate system and keep it offline to retain access to your data in the event of a ransomware incident. Such data backups can be done using an external hard disk that is disconnected from your devices or in the Cloud.
• Avoid clicking on suspicious-looking links and pop-up ads or opening files and email attachments from unknown senders.