Photo by GuerrillaBuzz via Unsplash

Singapore SMB ransomware rate rises despite regional low

Kaspersky says more firms were targeted as attacks increased across Southeast Asia.

The proportion of Singapore small and medium-sized businesses (SMBs) targeted by ransomware rose year-on-year from 0.57% to 0.69% in the first quarter (Q1) of 2026, although it remained the lowest amongst Southeast Asian markets tracked by cybersecurity company Kaspersky.

Across Southeast Asia, 3.51% of SMBs in Kaspersky's ecosystem were targeted by ransomware in Q1 2026, up from 2.92% in the same period last year.

Singapore recorded the lowest proportion of SMBs targeted amongst the seven Southeast Asian markets covered in the report.

Malaysia also posted an increase, rising from 2.09% to 2.74%, whilst Indonesia climbed from 2.83% to 4.01%.

India, which was included in the report for comparison, recorded the highest proportion of SMBs targeted at 4.07%, up from 3.18% a year earlier.

Meanwhile, the Philippines, Thailand and Vietnam recorded lower proportions of SMBs targeted compared with the first quarter of 2025.

The Philippines fell from 2.46% to 1.80%, Thailand from 1.28% to 1.12%, and Vietnam from 2.91% to 2.56%.

Kaspersky said ransomware detection figures capture only the final stage of an attack, when encryption malware is deployed.

According to the company, attacks intercepted during earlier stages, including initial access, reconnaissance, discovery and lateral movement, are not reflected in the statistics.

The company's Q1 2026 malware report also identified Clop as the most active ransomware group during the quarter, accounting for 14.42% of victims published on dedicated leak sites.

It was followed by Qilin at 12.34%, whilst The Gentlemen, a ransomware group that emerged in July 2025, ranked third.

Kaspersky said The Gentlemen uses custom-built tools to gather information from victim systems before deploying ransomware and is believed to work with Initial Access Brokers (IABs) to obtain access to targeted organisations.

Fedor Sinitsyn, security expert at Kaspersky, said organisations should not rely solely on backup systems because many ransomware groups now use double extortion, encrypting files whilst also stealing confidential data and threatening to publish it if a ransom is not paid.

Adrian Hia, managing director for Asia Pacific at Kaspersky, said ransomware techniques are becoming more sophisticated and are increasingly targeting SMBs that may lack dedicated cybersecurity teams or comprehensive patch management programmes.

He added that SMBs should invest in cybersecurity measures that are sustainable given their available resources.

Follow the link for more news on

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.