Ransomware Landscape 2025
Ransomware in 2025: Fragmented, Relentless, and Closer to Home Than Ever
The ransomware landscape in 2025 defied every prediction of a plateau. Instead, it accelerated. The ecosystem fragmented into more groups, launched more attacks, and shifted its crosshairs squarely onto Asia-Pacific, with devastating consequences for small and mid-sized organisations.
The Numbers Behind the Surge
Global ransomware attacks exceeded 7,400 in 2025, a 32% increase over the 5,631 recorded in 2024. At its peak, a new ransomware attack occurred approximately every 19 seconds. Behind this volume sat a record 85 active ransomware groups operating simultaneously in Q3 2025, the highest count ever observed.
The leading groups shifted as well:
- Qilin dominated with over 1,034 attributed attacks
- Akira followed with 765
- Clop, responsible for multiple mass-exploitation campaigns, registered 454
- New Asia-first groups like DireWolf emerged, targeting Singapore, Thailand, the Philippines, and Taiwan
Asia-Pacific in the Crosshairs
Asia accounted for 14% of global ransomware attacks, behind North America (43%) and Europe (32%), but with sharply accelerating growth. South Korea experienced a staggering 540% year-over-year increase, jumping from 10 attacks in 2024 to 64 in 2025, with the Qilin group listing 30 South Korean victims in a single two-month period.
In Singapore, a ransomware attack on an IT services provider in March 2025 compromised the personal data of over 100,000 individuals and disrupted multiple public sector agencies, a stark reminder that the supply chain amplifies ransomware risk dramatically.
Resilience Is Replacing Ransom Payments
One encouraging trend: organisations are increasingly refusing to pay. Payment rates dropped from a peak of 85% in 2021 to approximately 35% in 2025. This suggests growing investment in backup strategies, incident response planning, and the kind of resilience frameworks that allow organisations to recover without capitulating.
At Blue Island Security, we see this shift as validation of a core principle: ransomware is a business continuity problem, not solely a technology problem. The organisations that fared best in 2025 were those that had invested in preparation before the attack arrived.
This is Part 2 of an 8-part series from Blue Island Security. The full 2025 Cybersecurity Year in Review will be available for download soon.
The Future of SOC: Expert-Led AI Hyperautomation
Why the security market's worst day in years reveals what actually works
Datadog Partnership
We built Blue Island Group on a simple promise, enterprise-grade capabilities for Asia-Pacific organisations without the complexity. Today, that promise just got stronger.
2025 Cybersecurity Year in Review Series Launch
Blue Island Group is releasing its 2025 Cybersecurity Year in Review, and we're breaking it down in 8 parts, starting now.
Get in touch
Do you have questions, suggestions, or want to discuss how we can help protect your business?
We’re always ready to talk. Please fill out the form below and our team will get back to you shortly.