Risks from ransomware attacks
In the first quarter of 2026, 3.51% of small and medium-sized enterprises using Kaspersky security solutions in the region became targets of ransomware attacks, up from 2.92% in the same period in 2025. In Singapore alone, the rate of small and medium-sized enterprises becoming targets of attacks was 0.69%, a slight increase compared to 0.57% recorded in the same period last year.
Although the rate of ransomware attacks targeting small and medium-sized enterprises in the Philippines, Thailand and Vietnam tends to decrease, businesses need to note that these figures are not good signs, but the fact that the rate of small and medium-sized enterprises being attacked is always maintained at a high and stable level is the clearest proof that this threat is still rampant.
In addition, data on ransomware attacks only reflects a part of the overall picture. In fact, criminal groups using ransomware attacks often divide attacks into many consecutive phases. Only when the attack reaches the final stage - when the malware starts locking data - does the system officially recognize it as a ransomware attack.
Advice, solutions
In the context of increasing threats from ransomware to small and medium-sized enterprises, cybersecurity experts recommend that businesses apply the following measures to enhance protection capabilities:
- Always update software on all devices to prevent hackers from exploiting security vulnerabilities to infiltrate the system.
- Focus on building a defense strategy capable of detecting horizontal movements to other systems in the same network and leaking data out of the system.
At the same time, it is necessary to specifically monitor outward traffic to detect unusual connections between internal networks and bad actors' infrastructure. Businesses should also set up offline backups outside the scope of bad actors' intervention, while ensuring they can be quickly restored when problems occur.
- Deploy targeted centralized cyberattack prevention solutions and endpoint detection and response tools to support the detection of enhanced threats, serving timely investigation and incident handling.
- Develop an incident response plan and ensure that this plan includes supply chain attack scenarios. At the same time, it is necessary to clearly identify steps to quickly detect and isolate incidents, such as disconnecting the supplier from the business's system as soon as necessary.
