Singapore SMB ransomware rate rises despite regional low
Kaspersky says more firms were targeted as attacks increased across Southeast Asia.
The proportion of Singapore small and medium-sized businesses (SMBs) targeted by ransomware rose year-on-year from 0.57% to 0.69% in the first quarter (Q1) of 2026, although it remained the lowest amongst Southeast Asian markets tracked by cybersecurity company Kaspersky.
Across Southeast Asia, 3.51% of SMBs in Kaspersky's ecosystem were targeted by ransomware in Q1 2026, up from 2.92% in the same period last year.
Singapore recorded the lowest proportion of SMBs targeted amongst the seven Southeast Asian markets covered in the report.
Malaysia also posted an increase, rising from 2.09% to 2.74%, whilst Indonesia climbed from 2.83% to 4.01%.
India, which was included in the report for comparison, recorded the highest proportion of SMBs targeted at 4.07%, up from 3.18% a year earlier.
Meanwhile, the Philippines, Thailand and Vietnam recorded lower proportions of SMBs targeted compared with the first quarter of 2025.
The Philippines fell from 2.46% to 1.80%, Thailand from 1.28% to 1.12%, and Vietnam from 2.91% to 2.56%.
Kaspersky said ransomware detection figures capture only the final stage of an attack, when encryption malware is deployed.
According to the company, attacks intercepted during earlier stages, including initial access, reconnaissance, discovery and lateral movement, are not reflected in the statistics.
The company's Q1 2026 malware report also identified Clop as the most active ransomware group during the quarter, accounting for 14.42% of victims published on dedicated leak sites.
It was followed by Qilin at 12.34%, whilst The Gentlemen, a ransomware group that emerged in July 2025, ranked third.
Kaspersky said The Gentlemen uses custom-built tools to gather information from victim systems before deploying ransomware and is believed to work with Initial Access Brokers (IABs) to obtain access to targeted organisations.
Fedor Sinitsyn, security expert at Kaspersky, said organisations should not rely solely on backup systems because many ransomware groups now use double extortion, encrypting files whilst also stealing confidential data and threatening to publish it if a ransom is not paid.
Adrian Hia, managing director for Asia Pacific at Kaspersky, said ransomware techniques are becoming more sophisticated and are increasingly targeting SMBs that may lack dedicated cybersecurity teams or comprehensive patch management programmes.
He added that SMBs should invest in cybersecurity measures that are sustainable given their available resources.