SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Hooded hacker over asia pacific skyline ai ransomware cloud web
#
Data Protection
#
Ransomware
#
Digital Transformation

Ransomware surges across Asia-Pacific as AI fuels risk

Wed, 11th Mar 2026
Author image
By Kaleah Salmon, News Editor

Ransomware attacks across Asia-Pacific rose sharply in 2025, with more than 770 organisations in the region named on leak sites. Financial services was the hardest hit sector, according to new research from S-RM and FGS Global.

Ransomware accounted for 64% of all incidents S-RM responded to in Asia-Pacific last year, compared with a global average of 45% across its incident work. The researchers recorded a 59% year-on-year increase in the number of Asia-Pacific organisations named on ransomware leak sites.

Regional hotspot

East and Southeast Asia recorded the largest increase globally, with ransomware attacks up 71% in 2025. The researchers described Asia-Pacific as the fastest-growing hunting ground for ransomware groups worldwide.

Financial services accounted for 20% of cases in the Asia-Pacific. The report did not provide a breakdown of other industries.

The researchers linked the rise to rapid digitalisation across the region. Wider use of online infrastructure and cloud services has expanded the number of systems and services available for attackers to target.

Organisations of all sizes are being targeted, but small and medium-sized enterprises are more likely to lack the cyber maturity needed to defend against evolving ransomware tactics.

Regulatory pressure

Stricter data breach and privacy rules across parts of Asia are also shaping attacker behaviour, mirroring developments in Europe after the introduction of regulations such as GDPR.

The tighter regulatory environment has increased the leverage available to threat actors during extortion attempts. Attackers now routinely threaten to expose sensitive information in ways that could trigger regulatory penalties.

New groups

The report identified a wave of ransomware groups first observed in 2025 that appear to have made Asia-Pacific a strategic focus, including NightSpire, Dire Wolf, Gentlemen and Crypto24.

Between 31% and 50% of attacks by those groups targeted organisations in the region. The researchers also highlighted Qilin as the most active group targeting Asia-based organisations, and described it as the most prolific ransomware group globally last year, with more than 1,150 publicly disclosed victims.

Lester Lim, Regional Head, APAC, Cyber Security, S-RM, said the region's economic growth has increased its attractiveness to criminals.

"Asia Pacific's economic success has made the region an attractive target for cyber criminals. Corporates face a perfect storm of increased regulation, greater stakeholder demands in the event of a cyber-attack and a more fragmented threat actor landscape attracting criminals of escalating sophistication."

"While protection and mitigation become more difficult for businesses than ever before, there are some practical precautions that companies can take to secure themselves, and ensure that should they become victims of a cyber-attack they are able to respond and recover faster. These include building operational resilience through regular testing and review of procedures, and ensuring they implement basic cybersecurity controls."

AI risks

The report also examined rapid corporate AI adoption across Asia-Pacific, warning it is creating new vulnerabilities. At the same time, attackers are using AI to make intrusions and extortion attempts more targeted.

It pointed to a shift towards more personalised attacks, with threat actors using AI to identify and exploit the most damaging corporate information. The researchers framed this as part of a broader trend towards faster attacks and shorter timelines between initial access and extortion.

Kyle Schwaeble, Head of Incident Response, APAC, S-RM, said AI adoption and attacker capability are compressing incident timelines.

"As organisations rapidly adopt AI to drive economic efficiency, they are inadvertently handing a powerful toolkit to adversaries who are now moving from intrusion to extortion in hours rather than weeks. This observed behaviour is no different in the Asia-Pacific region, where ransomware incidents already far exceed the global average and the regulation that businesses must contend with is growing rapidly. It is evident that the rush to embed AI agents without robust security protocols is creating a significant risk environment."

"For APAC businesses, particularly in highly targeted sectors like financial services, the message is clear: AI-enabled productivity must not come at the expense of risk management. To protect their reputation and operations, companies must evolve previously static defences to assume every AI identity is a potential vulnerability, while ensuring that the drive for efficiency does not escalate the prospect of catastrophic harm."

2026 outlook

Looking ahead, the researchers expect a small number of established ransomware groups to continue to dominate victim counts and headlines. They cited Akira, Qilin, and Scattered Spider or ShinyHunters, while also anticipating smaller newcomers to emerge regularly.

Ransomware attacks are also expected to get faster as operators increase their use of automation and improve organisation and execution. Tasks that once took weeks now take days, and tasks that took days now take hours.

The report also described an "emergence of the speed paradox" as incident timelines compress. It warned that organisations may feel pressure to communicate quickly without complete or correct information to maintain stakeholder trust and meet regulatory deadlines. Others may wait until facts are established, risking missed deadlines and reputational fallout from a perceived slow response.

Ben Richardson, Partner and Head of Asia, FGS Global, said boards should treat ransomware as more than a technical problem.

"For APAC boards, ransomware is now a multi-dimensional crisis that can simultaneously cripple operations, trigger harsh regulatory penalties under the region's tightening privacy laws, and permanently erode stakeholder trust. All of these represent significant reputational harm to a business, meaning that companies not only have to contend with the technical recovery following a cyberattack, but also a reputational rebuild. A holistic, agile approach will be the difference between recovery and lasting damage."

Related stories
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks
Commvault extends Clumio support to Google Cloud Storage
Commvault brings cloud resilience tools to Google Cloud
Elastic adds Prometheus ingestion & PromQL in Kibana

Top stories

Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap