SEA Businesses Face 400 Ransomware Attacks Daily, Kaspersky

Subscribe to our Telegram channel for the latest stories and updates.

Organisations in Southeast Asia (SEA) continue to face an alarming surge in ransomware attacks. According to the latest findings by Kaspersky, businesses in the region encountered an average of 400 ransomware attempts daily in 2024.

Ransomware is a type of malicious software that locks users out of their systems or encrypts their data, demanding a ransom in exchange for access. Both individuals and companies have been frequent targets.

Kaspersky solutions used in SEA-based businesses successfully detected and blocked 135,274 ransomware attacks between January and December 2024.

“From just 57,000 ransomware attacks in the first half of 2024, ransomware gangs clearly escalated their operations in the latter half. With increasingly sophisticated techniques, companies are under immense pressure as attackers exploit vulnerabilities in complex IT environments,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

In terms of geographical impact, Indonesia bore the brunt with 57,554 attacks, followed by Vietnam (29,282) and the Philippines (21,629).

Malaysia saw a significant increase in attacks, recording 12,643 detections in 2024, a 153% jump from 4,982 cases in 2023.

Major incidents in the region included ransomware strikes on a national data centre, postal service, foreign worker government portal, and the retail sector.

“Ransomware groups are evolving. They exploit known vulnerabilities using tools like Meterpreter and Mimikatz, gain unauthorised access, target internet-facing apps, manipulate accounts and evade endpoint detection. Their methods demand urgent and proactive cybersecurity responses,” added Hia.

To mitigate the risks, Kaspersky recommends the following:

• Use robust and properly configured security solutions such as Kaspersky NEXT.

• Implement Managed Detection and Response (MDR) to proactively detect threats.

• Disable unused services and ports to reduce the attack surface.

• Regularly patch systems and software to fix vulnerabilities.

• Conduct penetration testing and vulnerability scanning regularly.

• Provide employee cybersecurity training to raise awareness and readiness.

• Maintain and test reliable data backups for critical assets.

• Leverage Threat Intelligence to stay updated on attackers’ evolving tactics.

Organisations must also monitor all new software within their networks – even legitimate tools – as attackers increasingly blend in with normal activity.