SINGAPORE – Ransomware attacks have resulted in deadly consequences as criminals shift their focus to target healthcare infrastructure, Interpol said at a cyber-security conference.

Mr Ivo Peixinho, head of cybercrime intelligence at Interpol, a network of cooperation among national police forces, said ransomware attacks have primarily targeted money-related sectors such as professional services, information technology (IT), manufacturing and construction.

“But we see healthcare there… We are seeing a shift in attacks on critical infrastructure, which is very concerning and catches our eye,” he said, adding that the world will see more physical implications from ransomware as the frequency and scale of attacks become more apparent.

In ransomware attacks, criminals use malware to block an organisation from accessing files on their own IT system. Victims have to pay the attackers to regain access to their files.

In his speech on Dec 7 at the ISC2 Secure Asia Pacific forum held at the Sands Expo and Convention Centre, Mr Peixinho cited a case from 2020.

He said a woman who needed urgent admission died after a ransomware attack caused the failure of IT systems at a hospital in Germany.

“We are starting to see the physical implications from ransomware. It’s no longer just virtual attacks that cause companies to not be able to work,” added Mr Peixinho, who noted that most ransomware attacks still centre around wealthier nations such as the United States, Britain, Canada, Germany and France.

Singapore has not been spared. On Nov 1, the Web services of public healthcare institutions were disrupted in a distributed denial of service (DDoS) attack.

For about seven hours, access to the websites of public hospitals, polyclinics and healthcare clusters was interrupted.

Investigations later showed there was no evidence indicating public healthcare data or internal networks were compromised during the DDoS attack.

Health Minister Ong Ye Kung said in Parliament on Nov 22 that such attacks are generally on the rise.

“Those who deploy them have a variety of motives, from hacktivism to petty misdemeanour,” he said in a written reply to a question on whether his ministry knew the motive behind the attacks. “The defences against DDoS attacks will have to constantly evolve to keep up with developing threats.”

He added that national healthcare IT provider Synapxe receives and blocks an average of 3,000 malicious e-mails per day, and 1.7 million attempts to bypass Internet-facing firewalls per month.

The Cyber Security Agency of Singapore had similarly warned in 2022 that ransomware attacks are expected to climb amid rapid digitalisation worldwide. It added that the number of attacks were up 54 per cent here from 2020 to 2021.

In his speech, Mr Peixinho said the emergence of cryptocurrency in 2010 has made tracing suspects more difficult.

“The hackers are very fast in moving funds using cryptocurrency. There are many crypto companies that are trained to try and trace the movement, but it is very difficult,” he added, noting that ransomware has also grown to become more organised.

He said it is becoming a service, where attackers recruit people to help provide credentials, negotiate ransoms and exfiltrate the money.

“So we are no longer just talking about a bunch of guys stealing money. We are looking at ransomware as a professional business,” added Mr Peixinho.