Quadruple extortion ransomware rises in Asia Pacific region


Techday NZ, 4 days ago
The Akamai State of the Internet (SOTI) report has identified a shift in ransomware tactics in the Asia Pacific region, with quadruple extortion methods emerging alongside sustained use of double extortion techniques.
The report, titled "Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape," details how cybercriminals are incorporating an increasingly complex mix of threats and pressure on their victims. While double extortion ransomware, which involves encrypting a victim's data and threatening public release unless ransoms are paid, remains prevalent, the new quadruple extortion methods now include Distributed Denial of Service (DDoS) attacks and pressure exerted on customers, partners or the media to intensify the coercion.
Steve Winterfeld, Advisory CISO at Akamai, outlined the expanding risk landscape facing organisations. "Ransomware threats today are not just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond."
Ransomware accounted for a significant share of total data breaches in Asia Pacific in 2024, with the report warning that organisations must enhance cyberdefence strategies and test resilience capabilities in order to prevent major disruptions.
Regional impacts
According to the report, groups such as LockBit, BlackCat/ALPHV, and CL0P continue to pose major threats in the region, although newcomers Abyss Locker and Akira are growing in prevalence. These syndicates have prioritised critical sectors, with healthcare and legal services identified as primary targets.
High-profile incidents in recent months include the Abyss Locker breach, which resulted in the theft of 1.5TB of sensitive data from Australia's Nursing Home Foundation, and a USD $1.9 million extortion payout by a Singapore-based law firm following an Akira ransomware incident.
Emergence of hybrid actors
The report notes the growing activity from hybrid ransomware activist groups, some of which leverage ransomware-as-a-service (RaaS) to expand operational reach. Groups such as RansomHub, Play, and Anubis have been implicated in attacks on small and medium-sized enterprises, healthcare organisations, and educational institutions across Asia Pacific. Targets include an Australian in vitro fertilisation clinic and several medical practices affected by these syndicates.
Compliance complexity
A key theme highlighted is the increasingly complicated compliance landscape facing affected businesses. In Asia Pacific, uneven regulatory maturity and fragmented data protection laws have enabled cybercriminals to exploit gaps and delays in incident response. The report outlines how non-compliance risks differ significantly, citing Singapore's Personal Data Protection Act (PDPA) – with fines up to 10% of annual revenue – compared to potential criminal penalties in India, and the lack of formal financial penalties in Japan.
These variations create a patchwork of obligations that multinational firms must navigate whilst managing the onset of a ransomware crisis.
Zero Trust and defence strategies
The report urges organisations to focus on the adoption of Zero Trust architectures and microsegmentation in order to address the challenges of modern ransomware threats. Case studies include a regional consulting firm in Asia Pacific deploying software-defined microsegmentation, which facilitated restrictive access controls and limited the spread of an attack within its network.
Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai, commented on the regional context and the growing expectations on security teams. "Asia-Pacific's digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation. However, security teams are being challenged to keep up with a frequently expanding attack surface, and Ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centred around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware."
Global trends
On a global scale, the report identifies that the rise of generative artificial intelligence (GenAI) and large language models (LLMs) is accelerating both the frequency and sophistication of ransomware attacks by lowering the technical barriers for attackers. The use of ransomware-as-a-service is also broadening the base of active threat actors, with many campaigns motivated by political or ideological factors as well as financial gain.
The research highlights that almost half of the cryptomining attacks analysed targeted nonprofit and educational organisations, indicating resource constraints make these sectors a frequent target. Additionally, the Trickbot malware family, used extensively by ransomware operators, has enabled the extortion of USD $724 million in cryptocurrency from victims globally since 2016.

Related Articles


Ransomware threats rise, attackers adopt quadruple extortion
Techday NZ, 5 days ago

A new cybersecurity report highlights the increasing complexity and destructiveness of ransomware attacks targeting businesses and organisations in 2025, with attackers employing advanced extortion tactics and expanding their methods.
Akamai has released a qualitative research report entitled "Building resilience amid a volatile threat landscape," which provides an analysis of the operations of prolific ransomware groups such as BlackCat/ALPHV, LockBit, Clop, and RansomedVC. The report explores how these groups have adapted their strategies in response to technological advancements and recent regulatory developments in the UK and elsewhere.
Quadruple extortion
The report identifies the emergence of quadruple extortion as a growing trend among cybercriminals. Traditionally, ransomware attacks followed a double extortion model, where attackers encrypted a victim's data and threatened to leak it publicly if a ransom was not paid. The new quadruple extortion tactics combine encryption with distributed denial-of-service (DDoS) attacks, public harassment, and threats of regulatory exposure, increasing the pressure on targeted organisations.
"Ransomware threats today aren't just about encryption anymore. Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond," said Steve Winterfeld, Advisory CISO at Akamai.
The sophistication of ransomware groups has been enabled in part by affiliate models, which allow individuals with varying technical abilities to participate in large-scale campaigns. The research found that ideological motivations are also playing a greater role, with some groups driven by political or social causes in addition to financial gain. This complicates the attribution of attacks and presents new challenges for defenders.
GenAI and social engineering
Another major development highlighted by Akamai is the use of generative artificial intelligence (GenAI) and large language models (LLMs) to automate aspects of ransomware campaigns. The report notes that such technologies are making it easier for less technically skilled individuals to write ransomware code and enhance social engineering tactics. This has contributed to an increase in both the frequency and scale of attacks in the past year.
Hacktivist and ransomware hybrid groups have become more prominent, often utilising ransomware-as-a-service (RaaS) platforms to extend their reach. Dragon RaaS, which emerged in 2024 from the Stormous group, is cited as an example of this trend, having shifted its focus from large corporations to smaller organisations perceived as having weaker security defences.
Impact on nonprofits and education
The report also addresses the issue of cryptominers, which while distinct from ransomware actors, often use similar tactics and target sectors believed to be vulnerable. Akamai researchers found that nearly half of the cryptomining attacks examined targeted nonprofit and educational organisations, likely due to resource limitations in these industries.
In addition, the TrickBot malware family is identified as a major tool for ransomware deployment. Since 2016, TrickBot has been used by ransomware groups globally to extort more than USD $724 million in cryptocurrency from victims. The Akamai Guardicore Hunt Team recently linked this malware to suspicious activity on the systems of several customers.
Regulatory landscape
The report provides an analysis of current legal and regulatory efforts influencing how organisations respond to ransomware incidents. Akamai's Vice President and Chief Privacy Officer, James A. Casey, commented on the need for organisations to adopt comprehensive cybersecurity strategies in light of evolving threats and regulatory requirements.
Casey notes that while existing cybersecurity laws apply to ransomware, specific regulations focus on discouraging ransom payments. He also highlights the importance of robust cybersecurity measures, incident reporting, and risk management, as well as strategies like Zero Trust and microsegmentation, to build resilience against evolving ransomware threats. Casey stresses the necessity for organizations to stay informed and adapt to emerging threats.
The report presents several actionable recommendations for security teams looking to anticipate and counter attacker tactics in 2025. These include staying abreast of the latest threat actor techniques, investing in robust cybersecurity defences such as zero trust and microsegmentation, and ensuring timely incident reporting and risk management strategies are in place.
The detailed findings aim to provide organisations with the information they need to strengthen their resilience against ransomware, as threat actors continue to diversify their motives and approaches in a rapidly changing environment.

Cyberattacks reshape modern conflict & highlight resilience needs
Techday NZ, 5 days ago

Recent cyberattacks on infrastructure, government, and healthcare demonstrate the increasing integration of digital tactics in contemporary conflicts.
The digital frontline
Incidents over the past two years highlight a clear shift in the landscape of modern conflict, with the digital realm now playing a significant role. In October 2023, parts of Denmark's railway network were shut down following a coordinated cyberattack, causing train delays nationwide. The following month, hackers disrupted Poland's government document portal at a time of geopolitical tension with Belarus. Early in 2024, a ransomware campaign affected over 100 hospitals in the United States and Europe, resulting in postponed surgeries and diversion of emergency patients.
These events underscore a trend where cyberattacks target both public infrastructure and critical services. Political and military responses to such attacks have so far been limited, partly due to challenges in attribution and the perceived impunity attached to digital operations.
The press release notes, "The perceived impunity of the digital realm and challenges of timely attribution make digital warfare an active endeavour of many geopolitical adversaries."
Government responses
Governments worldwide are responding to the changing threat landscape. The United States, European Union, and NATO have increased spending on cyber defence and digital threat-response measures. The UK's National Cyber Force has broadened its recruitment initiatives, while the European Union has introduced new cyber resilience strategies. Even countries with neutral status, such as Switzerland, have begun investing more heavily in cyber intelligence.
Types of attacks
Analysis of recent incidents reveals five prominent categories of cyberattacks poised to have significant impacts in ongoing and future conflicts.
Critical infrastructure attacks
Critical infrastructure encompasses power grids, water systems, and transport networks. These environments often use operational technology (OT) networks that are separated from the internet but still have vulnerabilities. Attackers typically exploit mechanisms such as phishing, infected external drives, or unsecured remote access points to gain entry. In 2024, a group linked to Iran, called CyberAv3ngers, breached several US water utilities by targeting internet-connected control systems, raising risks of water contamination. The FBI confirmed a combination of credential theft and unpatched devices were used in these attacks.
DDoS attacks
Distributed Denial-of-Service (DDoS) attacks deploy networks of compromised devices to overwhelm targeted websites or services, making them inaccessible. Recently, DDoS campaigns caused outages across the Baltic region, affecting government services and private sector industries. An incident in early 2025 targeted multiple industries in Lithuania, illustrating the scale and political motivation behind such attacks.
DNS poisoning
DNS poisoning manipulates the Domain Name System to divert users from legitimate websites to malicious copies, potentially enabling espionage, service disruption, or data theft. A Google security report in March 2024 confirmed DNS cache poisoning remains a risk, even with advanced defences in place. DNS poisoning has broader implications, potentially disrupting access to critical information or services for entire populations during periods of heightened tension.
Ransomware campaigns
Ransomware attacks enable criminals to encrypt sensitive files and demand payments for decryption or to prevent the leak of stolen data. In May 2024, Ascension Health in the United States experienced such an attack, affecting 5.6 million patients, disrupting medical procedures, and forcing staff to use manual record-keeping processes. The event highlighted the risks to patient safety and service continuity in healthcare systems during digital attacks.
Telecom infrastructure compromise
Telecommunications providers are increasingly targeted due to the sensitive nature of the data they handle. In 2024, a group identified as Salt Typhoon, linked to China, exploited vulnerabilities in core networking equipment at major US and Canadian telecom providers. These breaches allowed the attackers to access metadata and unencrypted communications, particularly targeting political and law enforcement communications.
The cyber war has arrived, long before there are boots on the ground there are keys on keyboards. The tactics that are shaping it are already here, unfolding across civilian systems, critical infrastructure, and the devices we rely on every day. These aren't hypothetical "future threats", they're warning shots, stress tests, and rehearsals.
Strengthening resilience
According to the press release, resilience at an individual level can help reduce exposure to these types of attacks. "Resilience for individuals starts with the basics: phishing awareness, strong password practices, regular software updates, and healthy scepticism online. These are simple but powerful habits that reduce exposure to the kinds of attacks already shaping the digital battleground."
Organisations are advised against bespoke security models, with tried and tested frameworks such as NIST CSF, OWASP SAMM, and ISO standards cited as effective guides for structuring improvement. The statement continues, "Like any quality control system it is all about analysis of the situation and iterative improvements. Things evolve slowly until they happen all at once."
"For cybersecurity professionals, policymakers, and everyday users alike, the takeaway is not panic, but preparation. Building digital resilience isn't just a job for governments or big tech. It affects all of us. It's also about awareness, good hygiene, and knowing how attacks work before they happen."
