Ransomware attacks will continue to trouble APAC businesses in 2025, according to Rapid7. The cybersecurity vendor expects that a rise in zero-day exploits and shifts in the dynamics of the ransomware ecosystem will make for an “uneven ride” for security and IT professionals across the region.
Ransomware incidents have risen steadily over the past few years. Rapid7’s Ransomware Radar Report found that 21 new ransomware groups emerged globally in the first six months of 2024. A separate analysis found that these criminals doubled their earnings to $1.1 billion in ransom payments in 2023.
Although the Rapid7 report did not specifically address APAC’s zero-day problem, PwC’s annual Digital Trust Insights (DTI) survey found that 14% of respondents in the region named zero-day vulnerabilities as one of the top cyber threats from third parties in 2024, a challenge that may well continue into 2025.
Despite global operations such as the takedown of LockBit, ransomware operators continued to prosper. Rapid7 expects greater use of zero-day vulnerabilities in 2025 as these groups seek to widen their attack avenues and bypass traditional security controls.
How the Ransomware Ecosystem Will Shape Attacks in 2025
Raj Samani, Rapid7’s chief scientist, said the company has seen ransomware groups gaining access to “novel, innovative initial entry vectors”, or zero-day vulnerabilities, over the past year. He noted that zero-day incidents were occurring nearly every week rather than at the quarterly rate seen in the past.
The company has observed ransomware operators exploiting zero-day vulnerabilities in ways that were not feasible a decade ago. It attributes this to the financial success of ransomware campaigns, paid out in the booming cryptocurrency market, which produced a windfall that let groups “invest” in exploiting more zero-day vulnerabilities.
In APAC, these conditions are prompting global ransomware gangs to take part in extortion campaigns aimed at specific regions. However, Rapid7 has previously noted that the most prevalent groups differ by targeted country or industry, with different targets attracting different ransomware groups.
Samani suggested that the zero-day threat could worsen in 2025 because of shifting dynamics within the ransomware ecosystem. He said the sector may see a surge in less technically capable affiliate groups joining those that target enterprises worldwide.
“The reason behind the rampant rise in ransomware and the heightened demand and exponential surge in payments is the separation of individuals developing the code and those infiltrating companies to deploy that code — hence two distinct groups,” he explained.
Samani suggested that, although the secretive nature of ransomware obscures the picture, a ransomware group with access to zero-day vulnerabilities for initial entry could use them to attract more affiliates.
“The major concern lies in whether the operational and technical proficiency of the affiliate could be lower. Are they reducing the technical entry barriers into this specific market space? All of this reveals that 2025 could be quite tumultuous,” he said.
Bans on Ransom Payments Could Disrupt Incident Response Plans
Sabeen Malik, Rapid7’s head of global government affairs and public policy, noted that governments worldwide increasingly regard ransomware as a “vital concern”, with the largest international coalition against it, the International Counter Ransomware Initiative, now at its highest membership ever.
This comes as some Asian businesses remain prepared to pay ransoms to keep operations running. Cohesity surveys released in July found that 82% of IT and security decision-makers in Singapore and Malaysia would pay a ransom to recover data and restore operations.
Australian and New Zealand respondents in the same survey expressed a similar view: 56% confirmed their company had suffered a ransomware attack in the past six months, and 78% said they would pay a ransom for data and operational recovery in the future.
APAC nations are considering how to respond through regulation. Australia has recently mandated ransomware payment reporting for entities with revenue above $3 million, requiring a report within 72 hours of payment.
However, an outright ban on ransom payments could have a disproportionate effect on the security sector, Rapid7 warned. If payments were expressly prohibited, victims could lose a recovery option after an attack.
“The impending shadow over all of us isn’t regulations, but rather mandates from governments against the usage of, or payments regarding, ransomware; these substantial, gargantuan decisions could profoundly impact the sector,” Samani said.
“One must contemplate how a ban on ransom payments within my vicinity would then affect my operational strategies pertaining to BCP [business continuity] and DR [disaster recovery],” he added.
Tips for Mitigating Ransomware Threats
Rapid7 advised security teams to consider several tactics to counter these threats:
Enforce Basic Cybersecurity Hygiene
Malik said firms are considering how modern technologies such as AI overlays can help combat the problem, but they should not neglect basic hygiene, such as password management, to build secure foundations.
“Although obvious, the persisting issues resulting from identity management and password mishandling have led to our current situation. What are some rudimentary aspects to solidify these [practices]?” she asked.
Ask AI Security Providers Hard Questions
Samani said advanced AI tools could help “disrupt the kill chain more swiftly and effectively” should threat actors get past defences. Even so, he argued that “security is not a standardized commodity” and that not all AI models are of the same calibre. He recommended that teams question their suppliers and vendors.
As he elaborated, these questions could include:
- “What constitutes their discovery strategy, and what about their response strategy?”
- “Do they possess a contingency incident arrangement?”
- “Are regular evaluations conducted? How about penetration testing?”
Map, Prioritise, and Expand Data Pipelines
Rapid7 proposed that organisations work to understand and map their total attack surface, spanning cloud, on-premises systems, identities, third parties, and external assets. It also encouraged firms to prioritise risks by aligning exposed assets with business-critical applications and sensitive data.
Samani also stressed that the most important step is to broaden data collection pipelines. He said companies should consolidate data from multiple sources, normalise it across those sources, and establish a method for uniquely identifying an asset.
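To make the advice above concrete, here is an added example (not code from Rapid7 or the article) that folds three constructed inventories with different field names (a cloud instance list, an on-premises CMDB export, and an EDR agent roster) into one record per asset, using a lower-cased short hostname as the assumed canonical asset identifier, and then ranks assets by exposure, business criticality, data sensitivity and missing endpoint coverage. The scoring weights and the sample records are assumptions for illustration.

```python
"""Consolidate asset data from several sources, normalise it, and rank exposed assets."""
from collections import defaultdict

# Constructed sample inventories; each source names the same asset differently.
CLOUD = [{"InstanceName": "Web-01", "PublicIp": "203.0.113.10", "Tags": {"app": "payments"}},
         {"InstanceName": "batch-02", "PublicIp": None, "Tags": {"app": "reporting"}}]
CMDB = [{"hostname": "WEB-01.corp.example", "owner_app": "payments", "data_class": "PCI"},
        {"hostname": "fileserver-03.corp.example", "owner_app": "hr", "data_class": "PII"}]
EDR = [{"device": "web-01", "agent": "healthy"}, {"device": "batch-02", "agent": "healthy"}]

# Business context used for prioritisation (constructed for the example).
CRITICAL_APPS = {"payments"}
SENSITIVE = {"PCI", "PII"}

def asset_key(name: str) -> str:
    """Canonical identifier: lower-case short hostname, so 'WEB-01.corp.example' matches 'Web-01'."""
    return name.strip().lower().split(".")[0]

def normalise(cloud, cmdb, edr):
    """Merge every source into one record per asset_key with a common schema."""
    blank = lambda: {"exposed": False, "app": None, "data": None, "edr": False, "sources": set()}
    assets = defaultdict(blank)
    for r in cloud:                      # cloud inventory knows about internet exposure
        a = assets[asset_key(r["InstanceName"])]
        a["exposed"] = a["exposed"] or bool(r["PublicIp"])
        a["app"] = a["app"] or r["Tags"].get("app")
        a["sources"].add("cloud")
    for r in cmdb:                       # CMDB knows owning application and data classification
        a = assets[asset_key(r["hostname"])]
        a["app"] = a["app"] or r["owner_app"]
        a["data"] = r["data_class"]
        a["sources"].add("cmdb")
    for r in edr:                        # EDR roster tells us which assets are actually covered
        a = assets[asset_key(r["device"])]
        a["edr"] = r["agent"] == "healthy"
        a["sources"].add("edr")
    return dict(assets)

def risk_score(a) -> int:
    """Higher means fix first: internet exposure, critical app, sensitive data, no EDR agent."""
    return 4 * a["exposed"] + 3 * (a["app"] in CRITICAL_APPS) + 2 * (a["data"] in SENSITIVE) + (not a["edr"])

def prioritised(cloud=CLOUD, cmdb=CMDB, edr=EDR):
    """Return (asset_key, score, record) tuples, highest risk first."""
    assets = normalise(cloud, cmdb, edr)
    return sorted(((k, risk_score(a), a) for k, a in assets.items()), key=lambda t: -t[1])

if __name__ == "__main__":
    for key, score, a in prioritised():
        print(f"{score:2d} {key:15s} sources={sorted(a['sources'])} edr={a['edr']}")
```

The file server appears only in the CMDB and has no EDR record, which is exactly the kind of coverage gap the merged view is meant to surface.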
“Ransomware is likely at the forefront of your [company] board’s attention. Utilize this as a chance to engage in meaningful dialogues with them. Be prepared for invitations to board meetings. Ensure that you clarify the risks to your high-ranking executives,” Samani said.
