The Akamai State of the Internet (SOTI) report has identified a shift in ransomware tactics in the Asia Pacific region, with quadruple extortion methods emerging alongside sustained use of double extortion techniques.
The report, titled “Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape,” details how cybercriminals are incorporating an increasingly complex mix of threats and pressure on their victims. While double extortion ransomware, which involves encrypting a victim’s data and threatening public release unless ransoms are paid, remains prevalent, the new quadruple extortion methods now include Distributed Denial of Service (DDoS) attacks and pressure exerted on customers, partners or the media to intensify the coercion.
Steve Winterfeld, Advisory CISO at Akamai, outlined the expanding risk landscape facing organisations.
“Ransomware threats today are not just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond.”
Ransomware accounted for a significant share of total data breaches in Asia Pacific in 2024, with the report warning that organisations must enhance cyberdefence strategies and test resilience capabilities in order to prevent major disruptions.
Regional impacts
According to the report, groups such as LockBit, BlackCat/ALPHV, and CL0P continue to pose major threats in the region, although newcomers Abyss Locker and Akira are growing in prevalence. These syndicates have prioritised critical sectors, with healthcare and legal services identified as primary targets.
High-profile incidents in recent months include the Abyss Locker breach, which resulted in the theft of 1.5TB of sensitive data from Australia’s Nursing Home Foundation, and a USD $1.9 million extortion payout by a Singapore-based law firm following an Akira ransomware incident.
Emergence of hybrid actors
The report notes the growing activity from hybrid ransomware activist groups, some of which leverage ransomware-as-a-service (RaaS) to expand operational reach. Groups such as RansomHub, Play, and Anubis have been implicated in attacks on small and medium-sized enterprises, healthcare organisations, and educational institutions across Asia Pacific. Targets include an Australian in vitro fertilisation clinic and several medical practices affected by these syndicates.
Compliance complexity
A key theme highlighted is the increasingly complicated compliance landscape facing affected businesses. In Asia Pacific, uneven regulatory maturity and fragmented data protection laws have enabled cybercriminals to exploit gaps and delays in incident response. The report outlines how non-compliance risks differ significantly, citing Singapore’s Personal Data Protection Act (PDPA) – with fines up to 10% of annual revenue – compared to potential criminal penalties in India, and the lack of formal financial penalties in Japan.
These variations create a patchwork of obligations that multinational firms must navigate whilst managing the onset of a ransomware crisis.
Zero Trust and defence strategies
The report urges organisations to focus on the adoption of Zero Trust architectures and microsegmentation in order to address the challenges of modern ransomware threats. Case studies include a regional consulting firm in Asia Pacific deploying software-defined microsegmentation, which facilitated restrictive access controls and limited the spread of an attack within its network.
Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai, commented on the regional context and the growing expectations on security teams.
“Asia-Pacific’s digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation. However, security teams are being challenged to keep up with a frequently expanding attack surface, and Ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centred around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware.”
Global trends
On a global scale, the report identifies that the rise of generative artificial intelligence (GenAI) and large language models (LLMs) is accelerating both the frequency and sophistication of ransomware attacks by lowering the technical barriers for attackers. The use of ransomware-as-a-service is also broadening the base of active threat actors, with many campaigns motivated by political or ideological factors as well as financial gain.
The research highlights that almost half of the cryptomining attacks analysed targeted nonprofit and educational organisations, indicating resource constraints make these sectors a frequent target. Additionally, the Trickbot malware family, used extensively by ransomware operators, has enabled the extortion of USD $724 million in cryptocurrency from victims globally since 2016.
