Akamai SOTI Report Examines Increasing Complexity of Ransomware Attacks

Akamai Technologies, the cybersecurity and cloud computing company that powers and protects business online, has found that bad actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. With ransomware accounting for more than half of the total data breaches in this region in 2024, Asia Pacific (APAC) enterprises must scrutinise and strengthen their cyber defences to minimise vulnerabilities and ensure business resilience.

According to the new Akamai State of the Internet (SOTI) report, Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape, the emerging trend of quadruple extortion includes DDoS (Distributed Denial of Service) attacks and pressuring third parties like customers, partners, or media to increase the pressure on the victim. That builds on double extortion ransomware in which attackers simply encrypt a victim’s data and threaten to leak it publicly if the ransom is not paid.

“Ransomware threats today are not just about encryption anymore,” said Steve Winterfeld, Advisory CISO at Akamai. “Attackers are using stolen data, public exposure, and service outages to increase the pressure on victims. These methods are turning cyberattacks into full-blown business crises, and are forcing companies to rethink how they prepare and respond.”

Healthcare and Legal Sectors in APAC Are in the Crosshairs

Major ransomware groups like LockBit, BlackCat/ALPHV, and CL0P remain dominant actors across the region, though new entrants like Abyss Locker and Akira are rapidly rising. These groups have targeted APAC’s critical sectors — from healthcare to legal services—with alarming precision. Notable incidents include the Abyss Locker breach of 1.5TB of sensitive data from Australia’s Nursing Home Foundation, and a USD $1.9 million extortion payout by a Singapore-based law firm following an Akira attack.

Hybrid ransomware activist groups are also gaining traction. Using ransomware-as-a-service (RaaS) platforms, groups like RansomHub, Play, and Anubis are targeting APAC-based small and medium-sized enterprises, healthcare organisations, and educational institutions. One Australian in vitro fertilisation clinic and multiple medical practices were recently breached by these newer syndicates.

Compliance Complexity Is a Growing Liability

In APAC, Akamai found that fragmented compliance and uneven regulatory maturity are fuelling the evolving use of regulation extortion tactics by ransomware groups. For example, failure to comply with Singapore’s Personal Data Protection Act (PDPA) can result in fines of up to 10% of annual revenue, India imposes potential criminal penalties, while Japan currently has no formal financial penalties for non-compliance. These inconsistencies leave multinational enterprises navigating a complex regulatory patchwork that can slow reporting efforts—or worse, create blind spots attackers are keen to exploit.

Zero Trust and Resilience Remain Critical

Akamai highlights the growing importance of Zero Trust and microsegmentation as essential defences against modern ransomware tactics in the report. For example, a regional consulting firm in APAC used software-defined microsegmentation to enforce Zero Trust access controls, reducing the internal attack surface and halting lateral movement before damage could spread.

“Asia-Pacific’s digital economy is one of the fastest growing in the world, largely due to its rapid pace of innovation,” said Reuben Koh, Director of Security Technology and Strategy, Asia-Pacific & Japan at Akamai. “However, security teams are being challenged to keep up with a frequently expanding attack surface, and Ransomware attacks tend to target those blind spots. Organisations need to re-assess their security posture and double-down in their efforts to be more cyber resilient. Adopting Zero Trust architectures that are centered around verified access and microsegmentation are a good way to minimise the impact of a ransomware attack. Together with regular recovery drills and incident response simulations, these will become core essentials in improving cyber resilience against attacks like ransomware.”

Additional Global Insights from the Akamai Report

• GenAI and LLMs are helping to increase the frequency and scale of ransomware attacks by making it easier for individuals with less technical expertise to write ransomware code and improve their social engineering tactics.
• Hybrid ransomware activist groups are increasingly using ransomware-as-a-service (RaaS) platforms to amplify their impact, driven by a mix of political, ideological, and financial motives.
• It is found that nearly half of the cryptomining attacks the Akamai research team analysed targeted nonprofit and educational organisations, likely due to a lack of resources within these industries.
• The Trickbot malware family, used by ransomware groups globally, extorted a total of USD $724 million in cryptocurrency from victims since 2016.

Read the full Akamai report to learn more.