A new report from Akamai Technologies has highlighted a worrying escalation in ransomware tactics affecting Asia Pacific enterprises, with a shift towards more sophisticated “quadruple extortion” campaigns alongside the persistent prevalence of double extortion attacks.
Healthcare and Legal Sectors Under Intense Threat
The report identifies dominant ransomware groups such as LockBit, BlackCat/ALPHV, and CL0P as major actors in the APAC region, with newer groups like Abyss Locker and Akira rapidly rising. Australian organisations have not been spared; for example, the Nursing Home Foundation suffered a breach involving 1.5 terabytes of sensitive data, while a Singapore law firm reportedly paid US$1.9 million following an Akira attack.
Emerging ransomware-as-a-service (RaaS) groups such as RansomHub and Anubis are targeting small to medium enterprises, healthcare providers, and educational institutions, with recent breaches reported at an Australian IVF clinic and multiple medical practices.
Regulatory Complexity Adds to Vulnerabilities
APAC’s diverse regulatory landscape complicates ransomware response efforts. In Singapore, non-compliance with the Personal Data Protection Act (PDPA) can incur fines up to 10% of annual revenue, while India imposes criminal penalties, and Japan currently lacks formal financial sanctions. This patchwork creates compliance blind spots that attackers exploit through “regulation extortion” tactics.
Zero Trust and Microsegmentation: Essential Defences
Akamai emphasises that adopting Zero Trust architectures and software-defined microsegmentation is crucial to mitigating modern ransomware threats. For instance, a regional consulting firm in APAC successfully curtailed lateral movement of ransomware by enforcing strict access controls, reducing their internal attack surface.
Reuben Koh (pictured), Director of Security Technology and Strategy for APJ at Akamai, urges organisations to prioritise cyber resilience:
“As APAC’s digital economy expands rapidly, security teams face a growing attack surface. Zero Trust models centred on verified access, combined with regular incident response exercises, will be critical to minimising ransomware’s impact.”
Additional Key Findings
-
Generative AI and large language models are enabling less technically skilled threat actors to develop and deploy ransomware with greater ease and scale.
-
Hybrid ransomware activist groups increasingly leverage ransomware-as-a-service (RaaS) platforms driven by political, ideological, and financial motives.
-
Nearly 50% of cryptomining attacks analysed targeted nonprofit and educational sectors, attributed to limited cybersecurity resources.
-
The Trickbot malware family has extorted over US$724 million in cryptocurrency globally since 2016.
Implications for Australian Cybersecurity
The report underscores the urgent need for enterprises—particularly in healthcare, legal, education, and SME sectors—to strengthen their cyber defences through advanced threat detection, regulatory compliance, and resilient security architectures. With ransomware tactics evolving beyond encryption to include data exposure, service disruption, and third-party pressure, the stakes for proactive security have never been higher.
