According to Rapid7, ransomware will still be a problem for APAC businesses in 2025. The security software vendor anticipates that security and IT professionals in the region will experience a “bumpy ride” as a result of more zero-day exploits and shifting dynamics in the ransomware ecosystem.
Ransomware incidents have increased rapidly over the past few years. In the first quarter of 2024, 21 new ransomware groups emerged worldwide, according to Rapid7’s Ransomware Radar Report. According to a different analysis, these criminals collected $1.1 billion in ransom payments in 2023.
While the Rapid7 report did not specifically detail APAC’s issues with zero-day exploits, PwC’s annual Digital Trust Insights (DTI) survey revealed that 14% of the region identified zero-day vulnerabilities as one of the top third-party-related cyber threats in 2024, an issue that could linger into 2025.
Ransomware operators continued to prosper despite international initiatives like the takedown of LockBit. Rapid7 predicts that zero-day exploits will expand attack vectors and bypass conventional security measures in 2025.
Ransomware market dynamics to influence attacks in 2025
Rapid7’s chief scientist, Raj Samani, said the company has seen ransomware groups gaining entry “to novel, new first entry vectors”, or zero-day vulnerabilities, over the last year. He explained that, unlike in the past, zero-day events were now occurring regularly rather than once a quarter.
The company has observed ransomware operators using zero-days in ways that were unheard of ten years ago. Samani attributed this to the economic success of ransomware campaigns: payments in appreciating cryptocurrency created a fortune that allowed them to “invest” in exploiting more zero-days.
In APAC, these conditions mean that the global ransomware threat is joined by geographically targeted ransomware groups. However, Rapid7 previously noted that the most prominent groups vary by country and market, with different markets attracting different ransomware groups.
SEE: US Sanctions Chinese Cybersecurity Agency for 2020 Ransomware Attack
According to Samani, the dynamics of the ransomware ecosystem may make the danger posed by zero-day events worse in 2025. He noted that affiliates with lower technical skills might be joining the ranks of those who target international businesses.
“There are two separate groups of people: those who develop the code and those who go out and break into businesses and build that code,” he explained, “which is the reason why we’ve seen such progress in ransomware and the exponential increase in payments.”
Samani posited that a ransomware group with access to zero-day exploits for initial entry may use them to attract more affiliates, although the opaque nature of the ransomware ecosystem makes this hard to confirm.
“Does the ‘bigger issue’ then mean that the affiliate’s technical and administrative proficiency may be decreased? Are they lowering the technical barriers to entry to this particular business area in any way? All of which kind of reveals 2025 could be very bumpy,” he said.
Ransomware payment bans could alter incident response strategies
The largest global partnership to combat ransomware, the International Counter Ransomware Initiative, has more members than it has ever had, according to Sabeen Malik, Rapid7’s head of global government affairs and public policy.
This comes as some Asian businesses remain willing to pay ransoms to keep their operations going. According to Cohesity research published in July, 82% of IT and security decision-makers in Singapore and Malaysia would pay a ransom to recover data and restore business processes.
The same pattern applied to Australian and New Zealand respondents to the same survey: 56% of them said their company had been the victim of a ransomware attack in the previous six months, and 78% said they would pay a ransom to recover data and business processes in the future.
APAC nations are considering how to regulate. Reporting of ransomware payments within 72 hours has just been made mandatory for organisations with turnover above $3 million.
SEE: Australia’s Cybersecurity Law Includes Ransomware Payment Reporting
However, banning ransomware payments outright could have an outsized impact on the security industry, according to Rapid7. Targeted businesses could lose an avenue of recovery following an attack if payments were prohibited.
“The shadow looming over all of us isn’t regulations, but more kind of mandates from governments banning the use of, or payments around, ransomware. Those types of enormous, behemoth kind of decisions I think could dramatically impact the industry,” Samani said.
“How will it affect the way I do things if ransomware payments become prohibited within my own country, in terms of your BCP [business continuity] planning and your DR [disaster recovery] planning?” he said.
Tips for preventing ransomware threats
Rapid7 advised security teams to consider a number of ways to combat threats:
Implement basic cyber security hygiene
Malik argued that businesses are considering how new technologies like AI overlays can help address the issue, but they should remember that password management, one of the most fundamental hygiene practices, is what puts secure foundations in place.
“It seems like such a no-brainer, yet we continue to see how many issues with identity management and password mismanagement have contributed to where we are right now. What are some of the basic things we need to make these [hygiene] practices foundational?” she asked.
Ask difficult questions of vendors about AI security
Samani claimed that more recent AI tools could “disrupt the kill chain more quickly and quickly” if threat actors breach defenses. However, he said “security is not a commodity” and that not all AI models are of equal quality. He advised teams to question vendors and suppliers.
SEE: How Can Businesses Protect Themselves From Common Cyber Threats
As he explained, these questions could include:
- “What is their detection strategy, and what is their response strategy?”
- “Do you have an incident response retainer?”
- “Do you conduct regular testing? What about penetration testing?”
Map, prioritise, and widen your data pipeline
Rapid7 suggested that organisations understand and map their entire attack surface, including cloud, on-premises, identities, third parties, and external assets. It also urged businesses to prioritise risk by tying risky assets to business-critical applications and sensitive data.
Samani argued that widening ingestion pipelines is the most crucial step in this regard. He recommended that businesses gather data from a variety of sources, standardise it across those sources, and have a process for identifying what an asset is.
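The mapping and prioritisation step above, as an added example that is not Rapid7’s or the article’s own code: three constructed inventory feeds (a cloud inventory, an on-premises scan and an identity feed) are merged into one asset record per hostname, and each asset is then ranked by the business-critical apps, sensitive data, exposure and privileged identities tied to it. The field names, hostnames, addresses and score weights are all assumptions.

```python
# Added example, not Rapid7's code: merge constructed feeds into one asset schema, rank by impact.
from collections import defaultdict
# Constructed sample feeds; each source names the same host differently.
CLOUD_INVENTORY = [
    {"private_dns": "Web-01.corp.example", "public_ip": "203.0.113.10",
     "tags": {"app": "payments", "data": "pci"}},
]
ONPREM_SCAN = [
    {"host": "WEB-01.CORP.EXAMPLE", "ip": "10.0.0.5", "open_ports": [22, 443]},
    {"host": "file-02.corp.example", "ip": "10.0.0.9", "open_ports": [445]},
]
IDENTITY_FEED = [
    {"principal": "svc-backup", "hosts": ["file-02.corp.example"], "privileged": True},
]
CRITICAL_APPS = {"payments"}      # constructed business context for prioritisation
SENSITIVE_DATA = {"pci", "phi"}
def new_asset():
    return {"sources": set(), "ips": set(), "app": set(), "data": set(),
            "privileged_ids": set(), "internet_facing": False}
def build_inventory():
    """One record per asset; the lowercased hostname is the identity key across feeds."""
    assets = defaultdict(new_asset)
    for r in CLOUD_INVENTORY:
        a = assets[r["private_dns"].lower()]
        a["sources"].add("cloud")
        a["ips"].add(r["public_ip"])
        a["internet_facing"] = True          # a public IP means external exposure
        for k in ("app", "data"):            # tags carry the business context
            if k in r["tags"]:
                a[k].add(r["tags"][k])
    for r in ONPREM_SCAN:
        a = assets[r["host"].lower()]
        a["sources"].add("scan")
        a["ips"].add(r["ip"])
    for r in IDENTITY_FEED:
        if r["privileged"]:                  # privileged identities raise the blast radius
            for h in r["hosts"]:
                assets[h.lower()]["privileged_ids"].add(r["principal"])
    return dict(assets)

def risk_score(a):
    """Tie the asset to impact: critical app, sensitive data, exposure, privileged access."""
    return (40 * bool(a["app"] & CRITICAL_APPS) + 30 * bool(a["data"] & SENSITIVE_DATA)
            + 20 * a["internet_facing"] + 10 * len(a["privileged_ids"]))

def prioritised():
    """Hostnames from highest to lowest risk, the order a team should work through them."""
    inv = build_inventory()
    return sorted(inv, key=lambda h: risk_score(inv[h]), reverse=True)
```

With the constructed feeds, the internet-facing payments host that both the cloud and scan feeds report ranks first; adding a new source means adding one loop that maps its field names onto the same schema.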
“Probably the top of mind for your [company] boards is ransomware,” Samani said. Use this as a chance to talk to them in depth. Be under no illusions: you will be invited to board meetings. Be prepared for that, and ensure that you explain the risk to your senior leaders.