Akamai Technologies has found that bad actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. With ransomware accounting for more than half of the total data breaches in this region in 2024, Asia Pacific (APAC) enterprises must scrutinise and strengthen their cyber defences to minimise vulnerabilities and ensure business resilience.
According to the new Akamai State of the Internet (SOTI) report, Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape, the emerging trend of quadruple extortion includes DDoS (Distributed Denial of Service) attacks and pressuring third parties like customers, partners, or media to increase the pressure on the victim. That builds on double extortion ransomware in which attackers simply encrypt a victim’s data and threaten to leak it publicly if the ransom is not paid.
“Ransomware threats today are not just about encryption anymore,” said Steve Winterfeld, Advisory CISO at Akamai. “Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond.”
Healthcare and legal sectors in APAC are in the crosshairs
Major ransomware groups like LockBit, BlackCat/ALPHV, and CL0P remain dominant actors across the region, though new entrants like Abyss Locker and Akira are rapidly rising. These groups have targeted APAC’s critical sectors — from healthcare to legal services — with alarming precision. Notable incidents include the Abyss Locker breach of 1.5TB of sensitive data from Australia’s Nursing Home Foundation, and a US$1.9 million extortion payout by a Singapore-based law firm following an Akira attack.
Hybrid ransomware activist groups are also gaining traction. Using ransomware-as-a-service (RaaS) platforms, groups like RansomHub, Play, and Anubis are targeting APAC-based small and medium-sized enterprises, healthcare organisations, and educational institutions. One Australian in vitro fertilisation clinic and multiple medical practices were recently breached by these newer syndicates.
Compliance complexity is a growing liability
In APAC, fragmented compliance and uneven regulatory maturity are fuelling the evolving use of regulation extortion tactics by ransomware groups. For example, failure to comply with Singapore’s Personal Data Protection Act (PDPA) can result in fines of up to 10% of annual revenue, India imposes potential criminal penalties, while Japan currently has no formal financial penalties for non-compliance. These inconsistencies leave multinational enterprises navigating a complex regulatory patchwork that can slow reporting efforts — or worse, create blind spots attackers are keen to exploit.
Zero trust and resilience remain critical
Akamai highlights the growing importance of Zero Trust and microsegmentation as essential defences against modern ransomware tactics in the report. For example, a regional consulting firm in APAC used software-defined microsegmentation to enforce Zero Trust access controls, reducing the internal attack surface and halting lateral movement before damage could spread.
“Asia-Pacific’s digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation,” said Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai. “However, security teams are being challenged to keep up with a frequently expanding attack surface, and Ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centred around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware.”
