Increasing incidents of quadruple extortion, AI abuse, and regulatory challenges were some of the shifts in regional enterprise-customer cybersecurity trends.
A new technical report released on 30 July 2025 details the evolving nature of ransomware attacks in a cybersecurity and cloud computing firm’s user base in the Asia Pacific region (APAC), emphasizing shifts in extortion techniques, target selection, and regulatory exploitation throughout 2024 and early 2025.
The analysis is based on data from enterprise monitoring and detection of billions of events monthly, covering over 100 ransomware groups, but includes a data outage in April 2025, and omits certain global customer segments, introducing modest data continuity concerns.
Some key technical findings include:
- There has been a rise in “quadruple extortion” tactics in the 17-month data, with attackers combining data encryption, threats to leak stolen data, distributed denial-of-service (DDoS) disruptions, and targeted pressure through outreach to partners, customers, or the media.
- Double extortion remained the most common ransomware method observed in the wild.
- Major ransomware collectives associated with high-impact APAC attacks have targeted customer sectors such as healthcare, legal services, public sector entities, and manufacturing. Recent breaches include the theft of 1.5TB of medical organization data, and a multimillion-dollar legal-sector extortion in Singapore.
- Newer criminal groups have been exploiting Ransomware-as-a-Service models to extend their reach. These actors have increasingly targeted small and midsize organizations in the firm’s user base, sometimes leveraging vulnerabilities linked to partners and supply chain vendors.
- Attackers in the data have been capitalizing on disparate regulatory and compliance frameworks in the region. Enforcement and penalties for breach reporting vary greatly, with India allowing for potential criminal penalties, Japan currently having no formal financial fines, and Singapore imposing fines of up to 10% of annual revenue under certain statutes.
- Technical advancements in attack methodology during the 17 months have included widespread use of generative AI to:
  - Generate new ransomware code variants
  - Craft more convincing phishing or social engineering content
  - Deploy automated chatbots for victim negotiations
- Cryptocurrency mining malware incidents continued to harm non-profit and educational institution users in the user base.
- The Trickbot malware family remained active and dangerous, implicated in cumulative cryptocurrency extortion. Also, there has been increased convergence between criminal ransomware and ideologically motivated hacktivist activity, with groups combining both technical and social-political drivers in their attacks.
In terms of methodology limitations, the analysis is based on detection telemetry across enterprise customers, classifying any communication attempt with a known malicious domain or IP as an event regardless of actual compromise. The report’s scope excludes full global representation and is affected by minor data interruptions (April 2025, due to a “data collection issue”), which may slightly affect trend analysis for certain periods.
According to Reuben Koh, Director of Security Technology and Strategy (Asia-Pacific and Japan), Akamai, the firm sharing its 17-month findings, enterprises “need to re-assess their security posture and double-down in their efforts to be more cyber resilient… with regular recovery drills and incident response simulations… against attacks like ransomware.”