Ransomware to Cause ‘Bumpy’ Security Ride in 2025
December 16, 2024

According to Rapid7, ransomware attacks will continue to plague businesses in the Asia-Pacific region through 2025. The cybersecurity technology provider expects more zero-day vulnerabilities and changing dynamics in the ransomware industry to create a “bumpy ride” for security and IT professionals across the region.

Ransomware incidents have risen steadily over the past few years. According to Rapid7’s Ransomware Radar Report, 21 new ransomware groups appeared around the world in the first half of 2024. Their revenue doubled to $1.1 billion in ransom payments in 2023.

While the Rapid7 report did not specifically detail the problem of zero-day exploits in Asia Pacific, PwC’s annual Digital Trust Insights (DTI) survey revealed that 14% of people in the region believe that zero-day exploits are one of the most important third-party-related cyber threats in Asia Pacific.

Despite the efforts of the international community, such as the downfall of LockBit, the ransomware industry continues to thrive. Rapid7 predicts that the exploitation of zero-day vulnerabilities will increase in 2025 as these groups are anticipated to expand their attack vectors and bypass traditional security measures.

Ransomware industry dynamics will impact attacks in 2025

Raj Samani, chief scientist at Rapid7, said the company has discovered over the past year that ransomware groups have gained access to “novel, new initial entry vectors” or zero-day vulnerabilities. He explained that zero-day events are happening almost every week, rather than once a season as they used to.

The company observed ransomware operators exploiting zero-day vulnerabilities in a way that wasn’t possible a decade ago. This is due to the financial success of ransomware campaigns and payment in booming cryptocurrencies, which creates a windfall that allows them to “invest” in exploiting more zero-day vulnerabilities.

In the Asia-Pacific region, these conditions have resulted in global ransomware threat groups engaging in regionally targeted ransomware campaigns. However, Rapid7 previously noted that the most common groups vary by target country or sector, with each attracting different ransomware groups.

Samani said the threat posed by zero-day incidents is likely to worsen in 2025 due to changing dynamics within the ransomware ecosystem. He noted that the market is likely to see an increase in the number of less-skilled affiliate groups joining the ranks of those attacking global enterprises.

“The reason we’re seeing such growth in ransomware and demand for payments and exponential growth is because there are individuals who develop the code and individuals who break into companies and deploy that code – so there are two different groups,” he explained.

Samani speculated that, while the opaque nature of ransomware makes the situation unclear, ransomware groups capable of exploiting zero-day vulnerabilities can leverage that capability to attract more affiliates, including first-timers.

“The bigger concern is, does this mean the affiliates become less operational and less technically proficient? Have they lowered the technical barriers to entry into this particular market space? 2025 could be a very bumpy year with all these disclosures,” he said.

Ransomware payment ban could impact incident response plans

Sabeen Malik, global head of government affairs and public policy at Rapid7, said governments around the world increasingly consider ransomware a ‘critical issue’, with the world’s largest collective against the practice, the International Anti-Ransomware Initiative, now having the most members ever.

Meanwhile, some Asian companies are still prepared to pay ransoms to keep their businesses afloat. Research released by Cohesity in July found that 82% of IT and security decision-makers in Singapore and Malaysia are willing to pay a ransom to recover data and restore business processes.

The same was true for Australian and New Zealand respondents in the same survey: 56% confirmed their company had been hit by a ransomware attack in the past six months, and 78% said they would pay the ransom in the future to recover data and business processes.

Countries in the Asia-Pacific region are considering how to respond through regulation. Australia has just implemented mandatory ransomware payment reporting for organizations with amounts over $3 million, and these organizations must now report payments within 72 hours.

However, Rapid7 says that prohibiting ransomware payments outright could have a huge impact on the security industry. If payments are prohibited, targeted companies may lose their path to recovery after an attack.

“The shadow hanging over all of us is not regulations, but more government mandates to ban the use of ransomware or to pay for ransomware; I think these types of huge decisions could have a huge impact on the entire industry.

“What you must consider about BCP [business continuity] planning and your DR [disaster recovery] plan is, if ransomware payments are banned in my territory… how will that affect the way I do things?” he said.

Tips to prevent ransomware threats

Rapid7 recommends that security teams consider several measures to combat threats:

Implement basic cybersecurity hygiene

Malik said companies are considering how they can leverage new technologies, such as artificial intelligence overlays, to help solve the problem, but they shouldn’t forget about basic hygiene, such as password management, to ensure the security foundation is in place.

“It seems like a given, but we continue to see how many problems we’ve seen with poor identity management and password management leading to our current situation. What basic things do we need to make these [hygiene] practices the basics?” she asked.

Asking the tough questions of AI security vendors

If threat actors breach defenses, newer artificial intelligence tools can help “break down the kill chain faster and faster,” Samani said. However, he said “security is not a commodity” and not all AI models have the same qualities. He advised teams to ask questions of suppliers and vendors.

As he explained, these questions may include:

  • “What is their detection strategy, what is their response strategy?”
  • “Do you have incident response staff?”
  • “Do you conduct regular testing? What about penetration testing?”

Map, prioritize and broaden your data pipeline

Rapid7 recommends organizations try to understand and map their entire attack surface, including cloud, on-premises, identity, third-party and external assets. They also urge companies to prioritize risks by mapping exposed assets to critical business applications and sensitive data.

Beyond that, Samani said the most important approach is to broaden the intake pipeline. He said organizations should collect data from multiple sources and standardize data across sources and develop methods for identifying assets.

“Probably what your [company] board cares about most is ransomware,” Samani said. “Use this opportunity to have meaningful discussions with them. Don’t have any illusions: you will be invited to board meetings. Be prepared for this, and make sure you articulate the risks to senior leadership.”

2024-12-16 21:41:56
