Ransomware Threats in APAC to Worsen in 2025, Predicts Rapid7
Ransomware Incidents on the Rise
Ransomware attacks will continue to plague APAC enterprises in 2025, according to Rapid7. The cybersecurity tech vendor expects that more zero-day exploits and changes in ransomware industry dynamics will result in a “bumpy ride” for security and IT professionals throughout the region.
Ransomware incidents have steadily risen over the last couple of years. Rapid7’s Ransomware Radar Report revealed that 21 new ransomware groups emerged globally in the first half of 2024. A separate analysis found that these criminals doubled their takings to $1.1 billion in ransom payments in 2023.
Rise of Zero-Day Exploits
While the Rapid7 report did not specifically detail APAC’s issues with zero-day exploits, PwC’s annual Digital Trust Insights (DTI) survey revealed that 14% of respondents in the region identified zero-day vulnerabilities as one of the top third-party-related cyber threats in 2024, an issue that could linger into 2025.
Ransomware Operators Thrive
Despite international efforts, such as the takedown of LockBit, ransomware operators continued to thrive. Rapid7 predicts increased exploitation of zero-day vulnerabilities in 2025, as these groups are expected to expand attack vectors and bypass traditional security measures.
Ransomware Industry Dynamics to Shape Attacks in 2025
Rapid7’s chief scientist, Raj Samani, said the firm has seen ransomware groups gaining access “to novel, new initial entry vectors,” or zero-day vulnerabilities, over the last year. He explained that zero-day events were happening almost weekly rather than about once a quarter as they had in the past.
The firm has observed ransomware operators exploiting zero days in ways that were not feasible 10 years ago. This is due to the financial success of ransomware campaigns, which are paid in booming cryptocurrency, creating a windfall that allowed operators to “invest” in exploiting more zero days.
In APAC, these conditions are causing global ransomware threat groups to engage in regionally targeted ransomware campaigns. However, Rapid7 previously noted that the most prevalent groups vary by targeted country or sector, each of which attracts different ransomware groups.
Lower Technical Barriers for Ransomware Affiliates
Samani said the threat posed by zero-day events could worsen in 2025 due to the dynamics within the ransomware ecosystem. He noted that the market could witness an increase in less technically skilled affiliate organizations joining the ranks of those attacking global enterprises.
“The reason why we’ve seen such a growth in ransomware and the demand and exponential increase in payments is because you have individuals that develop the code and individuals that go out and break into companies and deploy that code — so two separate groups,” he explained.
Samani speculated that, while the opaque nature of ransomware makes the situation unclear, a ransomware group with access to zero-day vulnerabilities for an initial entry could use them to attract more affiliates.
“The bigger concern is, does that then mean the operational and technical proficiency of the affiliate can be lower? Are they lowering the technical barriers to entering this particular market space? All of which kind of reveals 2025 could be very bumpy,” he said.
Ransomware Payment Bans and Incident Response Plans
Sabeen Malik, Rapid7’s head of global government affairs and public policy, said governments worldwide increasingly view ransomware as a “critical issue,” with the biggest global collective formed to combat it, the International Counter Ransomware Initiative, now having the most members it has ever had.
This comes as some Asian companies remain ready to pay ransoms to keep business going. Research from Cohesity released in July found that 82% of IT and security decision-makers in Singapore and Malaysia would pay a ransom to recover data and restore business processes.
The same was true of Australian and New Zealand respondents to the same survey: 56% confirmed their company had been the victim of a ransomware attack in the previous six months, and 78% said they would pay a ransom to recover data and business processes in the future.
Countries in APAC are considering how to respond with regulation. Australia has just introduced mandatory ransomware payment reporting for organizations turning over $3 million, which must now report a payment within 72 hours.
Tips for Preventing Ransomware Threats
Implement Basic Cybersecurity Hygiene
Malik said companies are considering how new technologies such as AI overlays can help combat the problem — but they should not forget the basic hygiene practices, such as password management, which can ensure that secure foundations are in place.
“It seems like such a no-brainer, yet we continue to see how many issues we’ve seen with identity management and password mismanagement have led to where we are now. What are some of the basic things we need to make these [hygiene] practices foundational?” she asked.
Ask Tough Questions of AI Security Vendors
Samani said newer AI tools could help “disrupt the kill chain quicker and faster” if threat actors breach defences. However, he said “security is not a commodity” and that not all AI models are of equal quality. He recommended teams ask questions of the suppliers and vendors.
As he explained, these questions could include:
- “What is their detection strategy, and what is their response strategy?”
- “Do you have an incident response retainer?”
- “Do you conduct regular testing? What about penetration testing?”
Map, Prioritize, and Widen Your Data Pipeline
Rapid7 suggested that organizations try to understand and map their entire attack surface, including cloud, on-premise, identities, third parties, and external assets. They also urged companies to prioritize risks by mapping exposed assets to business-critical applications and sensitive data.
Beyond that, Samani said the most important approach is to broaden ingestion pipelines. He said organizations should gather data from many sources, normalize data across sources, and have a methodology for determining an asset.
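As an added illustration (not Rapid7's code), the following Python sketch carries out the steps described above: it ingests records from three sources, normalizes them to one shape, applies a rule for deciding what counts as one asset, and ranks exposed assets against business-critical applications. The source schemas, hostnames, the hostname-based identity rule and the scoring weights are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records; each source's field names are hypothetical.
CLOUD = [{"dns": "PAY-API.corp.example", "private_ip": "10.0.1.5", "public": True}]
EDR = [{"hostname": "pay-api", "ip": "10.0.1.5"},
       {"hostname": "hr-laptop-7", "ip": "10.0.9.20"}]
SCANNER = [{"fqdn": "pay-api.corp.example.", "addr": "10.0.1.5", "internet_facing": True},
           {"fqdn": "wiki.corp.example", "addr": "10.0.2.8", "internet_facing": False}]
# Constructed business map: asset -> (application, criticality 1-5, sensitive data?)
BUSINESS = {"pay-api": ("payments", 5, True), "wiki": ("intranet", 2, False)}

def short_host(name):
    """Canonical asset key: lower-case short hostname, trailing dot removed."""
    return name.strip().rstrip(".").lower().split(".")[0]

def normalize():
    """Map every source schema onto one record shape."""
    rows = [("cloud", r["dns"], r["private_ip"], r["public"]) for r in CLOUD]
    rows += [("edr", r["hostname"], r["ip"], False) for r in EDR]
    rows += [("scanner", r["fqdn"], r["addr"], r["internet_facing"]) for r in SCANNER]
    return [{"source": s, "host": short_host(h), "ip": ip, "exposed": bool(e)}
            for s, h, ip, e in rows]

def resolve(records):
    """Asset-identity rule (an assumption): same short hostname, same asset."""
    assets = defaultdict(lambda: {"sources": set(), "ips": set(), "exposed": False})
    for r in records:
        asset = assets[r["host"]]
        asset["sources"].add(r["source"])
        asset["ips"].add(r["ip"])
        asset["exposed"] = asset["exposed"] or r["exposed"]
    return dict(assets)

def prioritize(assets):
    """Rank by criticality, doubled when exposed, plus 2 for sensitive data."""
    ranked = []
    for host, a in assets.items():
        app, crit, sensitive = BUSINESS.get(host, ("unmapped", 1, False))
        score = crit * (2 if a["exposed"] else 1) + (2 if sensitive else 0)
        ranked.append({"host": host, "app": app, "score": score,
                       "no_edr": "edr" not in a["sources"]})
    return sorted(ranked, key=lambda r: (-r["score"], r["host"]))

if __name__ == "__main__":
    for row in prioritize(resolve(normalize())):
        print(row)
```

The `no_edr` flag marks assets that appear in some source but have no endpoint agent reporting, which is the kind of coverage gap that only shows up once several sources are merged.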
Conclusion
Ransomware threats in APAC are expected to worsen in 2025, with more zero-day exploits and changes in ransomware industry dynamics posing a “bumpy ride” for security and IT professionals. To combat these threats, organizations must implement basic cybersecurity hygiene, ask tough questions of AI security vendors, and map, prioritize, and widen their data pipeline.
FAQs
- What is the expected impact of ransomware on APAC enterprises in 2025?
  Ransomware attacks will continue to plague APAC enterprises in 2025, with more zero-day exploits and changes in ransomware industry dynamics posing a “bumpy ride” for security and IT professionals.
- What are the key factors driving the rise of ransomware in APAC?
  The key factors driving the rise of ransomware in APAC include the financial success of ransomware campaigns, being paid in booming cryptocurrency, and the growth of less technically skilled affiliate organizations.
- What is the role of AI in combating ransomware?
  AI can help “disrupt the kill chain quicker and faster” if threat actors breach defences, but security teams must ask tough questions of AI security vendors and not assume that all AI models are of equal quality.