Ransomware attacks will continue to plague APAC enterprises in 2025, according to Rapid7. The cybersecurity tech vendor expects that more zero-day exploits and changes in ransomware industry dynamics will result in a “bumpy ride” for security and IT professionals throughout the region.
Ransomware incidents have steadily risen over the last couple of years. Rapid7’s Ransomware Radar Report revealed that 21 new ransomware groups emerged globally in the first half of 2024. A separate analysis found that these criminals doubled their takings to $1.1 billion in ransom payments in 2023.
While the Rapid7 report did not specifically detail APAC’s issues with zero-day exploits, PwC’s annual Digital Trust Insights (DTI) survey revealed that 14% of the region identified zero-day vulnerabilities as one of the top third-party-related cyber threats in 2024 — an issue that could linger into 2025.
Despite international efforts like the takedown of LockBit, ransomware operators continued to thrive. Rapid7 predicts increased exploitation of zero-day vulnerabilities in 2025, as these groups are expected to expand attack vectors and bypass traditional security measures.
Ransomware industry dynamics to shape attacks in 2025
Rapid7’s chief scientist, Raj Samani, said the firm has seen ransomware groups gaining access “to novel, new initial entry vectors,” or zero-day vulnerabilities, over the last year. He explained that zero-day events were happening almost weekly rather than about once a quarter as they had in the past.
The firm has observed ransomware operators exploiting zero days in ways that were not feasible 10 years ago. This is due to the financial success of ransomware campaigns: ransoms paid in booming cryptocurrency created a windfall that allowed operators to “invest” in exploiting more zero days.
In APAC, these conditions are causing global ransomware threat groups to engage in regionally targeted ransomware campaigns. However, Rapid7 previously noted that the most prevalent groups vary by targeted country or sector, each of which attracts different ransomware groups.
Samani said the threat posed by zero-day events could worsen in 2025 due to the dynamics within the ransomware ecosystem. He noted that the market could witness an increase in less technically skilled affiliate organisations joining the ranks of those attacking global enterprises.
“The reason why we’ve seen such a growth in ransomware and the demand and exponential increase in payments is because you have individuals that develop the code and individuals that go out and break into companies and deploy that code — so two separate groups,” he explained.
Samani speculated that, while the opaque nature of ransomware makes the situation unclear, a ransomware group with access to zero-day vulnerabilities for an initial entry could use them to attract more affiliates.
“The bigger concern is, does that then mean the operational and technical proficiency of the affiliate can be lower? Are they lowering the technical barriers to entering this particular market space? All of which kind of reveals 2025 could be very bumpy,” he said.
Ransomware payment bans could shake up incident response plans
Sabeen Malik, Rapid7’s head of global government affairs and public policy, said governments worldwide increasingly view ransomware as a “critical issue,” with the biggest global collective formed to combat it, the International Counter Ransomware Initiative, now having the most members it has ever had.
This comes as some Asian companies remain ready to pay ransoms to keep business going. Research from Cohesity released in July found that 82% of IT and security decision-makers in Singapore and Malaysia would pay a ransom to recover data and restore business processes.
The same was true of Aus