More than 770 organisations in the Asia-Pacific region were listed on the darknet leak sites of ransomware actors in 2025, a year-on-year increase of 59 per cent.
And, according to new research from cyber security firm S-RM and stakeholder strategy outfit FGS Global, the key driver of that surge was rapid digitisation in the workplace and the rolling out of artificial intelligence tools and agentic AI.
Those very tools, alongside continued expansion into the cloud, are vastly expanding the attack surface across organisations large and small, which ransomware actors are rapidly taking advantage of.
The growing number of attacks in the region made it the most ransomware-affected region last year.
Newly emerged groups such as NightSpire, Dire Wolf, and the Gentlemen concentrated between 31 per cent and 50 per cent of their attacks on the APAC region, while the most prolific group, the Qilin ransomware operation, was the single most active actor in the region.
Those actors, S-RM’s research suggests, are also increasingly taking advantage of the introduction and enforcement of more rigorous data-breach and privacy regulations to apply pressure on their victims.
“Asia-Pacific’s economic success has made the region an attractive target for cyber criminals. Corporates face a perfect storm of increased regulation, greater stakeholder demands in the event of a cyber attack and a more fragmented threat actor landscape attracting criminals of escalating sophistication,” Lester Lim, regional head, APAC, cyber security at S-RM, said in a statement.
“While protection and mitigation become more difficult for businesses than ever before, there are some practical precautions that companies can take to secure themselves and ensure that, should they become victims of a cyber attack, they are able to respond and recover faster. These include building operational resilience through regular testing and review of procedures, and ensuring they implement basic cyber security controls.”
Kyle Schwaeble, head of incident response, APAC at S-RM, added that the rapid adoption of AI is providing hackers with a “powerful toolkit” to enhance their extortion operations.
“For APAC businesses, particularly in highly targeted sectors like financial services, the message is clear: AI-enabled productivity must not come at the expense of risk management,” Schwaeble said.
“To protect their reputation and operations, companies must evolve previously static defences to assume every AI identity is a potential vulnerability, while ensuring that the drive for efficiency does not escalate the prospect of catastrophic harm.”
You can read the full research here.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.