Ransomware Gangs Pummel Southeast Asia
Successful ransomware attacks against organizations in Asia continue to soar in 2024, following a wave of high-profile data breaches that hit the region last year.
Southeast Asia experienced a significant surge in ransomware attacks in the first half of this year, but this appears to be just the beginning. Companies and government agencies across Southeast Asia — particularly in Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia — have seen a substantial increase in attacks, surpassing the ransomware growth rate in European countries, according to data from Trend Micro. Major incidents, such as the June ransomware attack by a group known as "Brain Cipher," which disrupted more than 160 Indonesian government agencies, are expected to multiply as the region’s economies expand.
Security Sacrificed for Digital Transformation
Many companies and organizations in Asia are rapidly digitizing their infrastructure, often at the expense of security, says Ryan Flores, senior manager of forward-looking threat research at Trend Micro. "There are many digital initiatives happening in the region, with governments supporting and encouraging the adoption of online services and payments," Flores explains. "However, in the rush to launch infrastructure and services, security is often neglected, as the primary goal is to bring the service or platform to market as quickly as possible."
Severe cyberattacks across the Asia-Pacific region have already borne out these concerns. In March, a major brokerage in Vietnam had to halt trading operations for eight days after a ransomware attack encrypted critical data. That same month, Japanese officials accused North Korean hackers of polluting the Python Package Index (PyPI) with malicious code capable of dropping ransomware onto victims’ systems.
Rise in Attacks Across Asia
Although over 75% of ransomware attacks continue to target organizations in North America and Europe, the share of successful cyberattacks affecting other regions — especially Asia — has spiked. In 2023, the number of publicly reported ransomware attacks in Asia grew by 85%, according to data from cybersecurity firm Comparitech.
Asia-Pacific: A Prime Target for Ransomware
Ransomware groups are increasingly targeting the most critical and vulnerable sectors in the Asia-Pacific region. The manufacturing sector saw a significant rise in attacks, with 21 confirmed ransomware incidents in 2023, followed by 16 in the government sector and 11 in healthcare, according to data compiled by Comparitech from public reports.
One major factor contributing to this rise is the absence of breach notification laws in many countries, which leads to significant underreporting of breaches and less emphasis on cybersecurity in Asia. Additionally, the widespread use of cryptocurrency in many Asian countries has increased the likelihood of ransom payments, says Rebecca Moody, head of data research at Comparitech. "In many cases, the only way you learn about an attack is through system disruptions or website downtime... but if they manage to get the systems back online without anyone knowing, they can avoid disclosing it," Moody explains.
Ransomware for Financial Gain
While the increase in attacks is notable, it may be less about specific targeting and more about the growing number of potential victims, as companies undergo digital transformations without updating their security at the same pace, according to Trend Micro’s Flores. He believes the relatively immature cybersecurity ecosystem in the region, coupled with increasing regional tensions, contributes more to the rise in attacks than deliberate targeting. "Ransomware groups and cybercriminals, in general, are opportunistic. I don't think they focus on one region over another. Instead, they target vulnerable or misconfigured infrastructure, regardless of whether it's in Asia, Europe, or Africa."
Improving Security in the Region
Governments in the Asia-Pacific region are beginning to update their regulations to enhance security. In May, Singapore updated its Cybersecurity Act to address the reliance of its critical infrastructure on third parties using cloud services. In April, Malaysia passed new legislation requiring cybersecurity service providers to obtain licenses to operate in the country, though the specifics are still being finalized.
Security Recommendations
Matt Hull, global head of strategic threat intelligence at NCC Group, advises companies in the region to prioritize foundational defenses: regular patch management to address known vulnerabilities, strong password policies to prevent exploitation, and multi-factor authentication (MFA) for added security. He also emphasizes the importance of establishing robust detection and monitoring systems to quickly identify and respond to potential threats.