Ransomware attacks will keep hitting APAC businesses in 2025, according to Rapid7. The cybersecurity company points to a rise in zero-day exploits and shifts in the ransomware landscape as reasons for a rocky road ahead for security and IT teams in the region.
In recent years, ransomware incidents have surged. Rapid7’s Ransomware Radar Report found that in the first half of 2024 alone, 21 new ransomware groups emerged globally. Ransomware operators collected $1.1 billion in ransom payments in 2023, roughly double the previous year’s total.
Rapid7 didn’t dive deep into APAC’s specific challenges with zero-day exploits, but a PwC survey indicated that 14% of respondents in the region flagged zero-day vulnerabilities as a top third-party cyber threat for 2024. This concern could carry over into 2025.
Despite global law-enforcement actions against operators such as LockBit, ransomware groups continue to flourish. Rapid7 anticipates that zero-day vulnerabilities will be exploited more heavily in 2025, with these groups broadening their attack methods to evade traditional defenses.
Raj Samani, Rapid7’s chief scientist, shared that ransomware groups are gaining access to fresh initial entry points, or zero-day vulnerabilities, at a quicker pace than in the past. He noted that these zero-day events now occur almost every week, compared to a quarterly basis years ago.
The success of ransomware campaigns, fueled by booming cryptocurrency payments, allows these groups to invest in exploiting more vulnerabilities. In APAC, this environment encourages global ransomware groups to launch region-specific campaigns, although the prevalent groups differ by country and industry.
Samani said the rise in zero-day exploits could worsen in 2025, as the ransomware ecosystem’s dynamics change. He pointed out that less technically skilled affiliate organizations might start participating in these attacks, further complicating the landscape.
He explained that the workforce behind ransomware is shifting. Some individuals develop the code, while others target businesses for attacks, creating two separate roles in the ecosystem. If a ransomware group has access to zero-day vulnerabilities, it might attract more affiliates who may not be as technically proficient.
Sabeen Malik, head of Rapid7’s global government affairs, highlighted that ransomware has become a critical global issue, with more countries collaborating to fight it. Some companies in Asia are still willing to pay ransoms to keep operations running. Research from Cohesity found that 82% of IT leaders in Singapore and Malaysia would consider paying a ransom to recover data. In Australia and New Zealand, 56% of respondents reported a ransomware attack in the last six months, with 78% open to paying ransoms in the future.
As APAC governments explore regulatory responses, Australia has introduced mandatory reporting of ransom payments: businesses with annual turnover above $3 million must report a payment within 72 hours of making it. Rapid7 warns, however, that outright bans on ransom payments could have significant implications. If companies cannot pay, they may lose an essential recovery option after an attack.
Samani emphasized that regulations and government mandates could dramatically alter how businesses respond. He urged organizations to think carefully about their business continuity and disaster recovery plans if ransom payments become illegal.
To combat ransomware threats, Rapid7 recommends a few essential measures:
- Focus on Cyber Hygiene: Companies should prioritize basic security practices like password management. Malik stressed that simple hygiene practices can be the foundation of effective security.
- Vet AI Security Vendors: Samani encouraged teams to scrutinize AI tools, asking about detection and response strategies, incident response retainers, and regular testing practices.
- Understand Your Attack Surface: Organizations should map out their attack surface, including cloud and on-premise assets, identities, and third parties. Prioritizing risks based on business-critical applications is vital.
Samani also underscored the need for organizations to broaden their data pipelines, gathering and normalizing data from various sources. He urged companies to prepare for discussions about ransomware risks with their boards, emphasizing the importance of articulating these risks to senior leaders.
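The "gather and normalize data from various sources" advice above is concrete enough to show in code. The following is an added example, not code from Rapid7 or from the article: it takes authentication events from three differently formatted sources (a JSON cloud audit record, a BSD syslog line from an on-premise SSH server, and a CSV export from an identity provider), maps them onto one common schema, and then runs a single cross-source query that a ransomware-focused SOC would care about, namely failed logins followed by a success from the same address. The field names in the JSON record, the CSV column order, the `SYSLOG_YEAR` value and all sample lines are constructed for this example.

```python
"""Normalize auth events from heterogeneous sources into one schema, then query across them.
Added example; every sample line below is constructed, not real telemetry."""
import csv
import json
import re
from datetime import datetime, timedelta, timezone

SYSLOG_YEAR = 2025  # assumption: BSD syslog timestamps carry no year, so one must be supplied

# Constructed sample events: (source name, raw line). Field names are assumptions.
SAMPLE_EVENTS = [
    ("cloud", '{"eventTime":"2025-01-14T09:12:03Z","eventName":"ConsoleLogin",'
              '"userIdentity":{"userName":"alice"},"sourceIPAddress":"203.0.113.10",'
              '"responseElements":{"ConsoleLogin":"Failure"}}'),
    ("onprem", "Jan 14 09:12:40 fileserver sshd[2211]: Failed password for alice from 203.0.113.10 port 51234 ssh2"),
    ("onprem", "Jan 14 09:13:02 fileserver sshd[2211]: Accepted password for alice from 203.0.113.10 port 51240 ssh2"),
    ("idp", "2025-01-14T09:15:00Z,alice,198.51.100.7,mfa_challenge,SUCCESS"),
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+) port"
)

def _utc(ts_text, fmt):
    """Parse a naive timestamp string and tag it as UTC so sources can be ordered together."""
    return datetime.strptime(ts_text, fmt).replace(tzinfo=timezone.utc)

def parse_cloud(line):
    """JSON cloud audit record -> common schema (CloudTrail-like field names, assumed)."""
    rec = json.loads(line)
    failed = rec.get("responseElements", {}).get("ConsoleLogin") == "Failure"
    return {"ts": _utc(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"), "source": "cloud",
            "user": rec["userIdentity"]["userName"], "src_ip": rec["sourceIPAddress"],
            "action": rec["eventName"], "outcome": "failure" if failed else "success"}

def parse_syslog(line):
    """sshd syslog line -> common schema; returns None for lines that are not logins."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # strptime treats a space in the format as \s+, so single-digit days ("Jan  4") also parse.
    ts = _utc(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "source": "onprem", "user": m["user"], "src_ip": m["ip"],
            "action": "ssh_login", "host": m["host"],
            "outcome": "success" if m["result"] == "Accepted" else "failure"}

def parse_idp(line):
    """Identity-provider CSV row (time,user,ip,action,result; assumed layout) -> common schema."""
    ts_text, user, ip, action, result = next(csv.reader([line]))
    return {"ts": _utc(ts_text, "%Y-%m-%dT%H:%M:%SZ"), "source": "idp", "user": user,
            "src_ip": ip, "action": action, "outcome": result.lower()}

PARSERS = {"cloud": parse_cloud, "onprem": parse_syslog, "idp": parse_idp}

def normalize(raw_events):
    """Run each line through its source parser and return one time-ordered list."""
    out = []
    for source, line in raw_events:
        rec = PARSERS[source](line)
        if rec is not None:
            out.append(rec)
    return sorted(out, key=lambda r: r["ts"])

def failures_before_success(events, window=timedelta(minutes=10)):
    """Cross-source query: {(user, src_ip): n_failures} where a success follows one or more
    failures from the same user and address within `window`, regardless of which source saw them."""
    by_key = {}
    for e in events:  # events are already time-ordered from normalize()
        by_key.setdefault((e["user"], e["src_ip"]), []).append(e)
    flagged = {}
    for key, evs in by_key.items():
        recent_failures = []
        for e in evs:
            if e["outcome"] == "failure":
                recent_failures.append(e["ts"])
            elif e["outcome"] == "success":
                recent_failures = [t for t in recent_failures if e["ts"] - t <= window]
                if recent_failures:
                    flagged[key] = len(recent_failures)
    return flagged

if __name__ == "__main__":
    normalized = normalize(SAMPLE_EVENTS)
    for e in normalized:
        print(e["ts"].isoformat(), e["source"], e["user"], e["src_ip"], e["action"], e["outcome"])
    print(failures_before_success(normalized))
```

The point of the common schema is that the query at the end never has to know which source an event came from: the cloud console failure and the SSH failure count together against the SSH success from the same address, while the identity-provider success from a different address is left alone. Adding a fourth source means writing one more parser, not another copy of the detection logic.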