Healthcare, legal and SME sectors in Asia-Pacific under siege as cybercriminals evolve tactics
Akamai Technologies’ latest State of the Internet (SOTI): Ransomware Report 2025 has revealed an alarming shift in cybercriminal tactics, with attackers increasingly adopting quadruple extortion techniques to maximise pressure on victims. While double extortion—encrypting data and threatening to leak it—remains common, attackers are now layering in DDoS attacks and targeting third parties like customers or media to escalate psychological and reputational pressure.
Ransomware accounted for over half of all data breaches in the Asia Pacific region in 2024, underscoring the urgent need for stronger cybersecurity strategies across critical sectors. Notably, leading ransomware groups including LockBit, BlackCat/ALPHV, and CL0P continue to dominate the threat landscape, while emerging actors like Abyss Locker and Akira are rapidly gaining ground. Abyss Locker was linked to a breach involving 1.5TB of sensitive data at Australia’s Nursing Home Foundation, and Akira was responsible for a US$1.9 million payout by a law firm in Singapore.
“Ransomware threats today are not just about encryption anymore,” said Steve Winterfeld, Advisory CISO at Akamai. “They’ve become business crises involving stolen data, public exposure, and operational shutdowns.”
The report also highlights the rise of hybrid ransomware activist groups using ransomware-as-a-service (RaaS) platforms, targeting vulnerable APAC SMEs, healthcare institutions, and educational entities. RansomHub, Play, and Anubis are leading these campaigns, exploiting regulatory blind spots in countries with inconsistent data protection laws.
“Asia-Pacific’s digital economy is growing fast, but so is its attack surface,” said Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai. “Zero Trust architectures, microsegmentation, and regular recovery drills are critical to reducing ransomware’s impact and boosting resilience.”
The report also warns of the role of GenAI and LLMs in accelerating attack sophistication and frequency. With financially and ideologically motivated attackers becoming more agile, the threat landscape is expected to worsen unless organisations invest in proactive defense and regulatory alignment.
