, Singapore
483 views
Photo by Tima Miroshnichenko via Pexels

Singapore firms face world’s highest ransomware risk

Mid-year conferences made it a prime global target.

Singapore faced a surge in cyberattacks in 2025, with ransomware, data breaches, data theft, and advanced persistent threats (APT) targeting the country’s most critical industries, according to the 2025 Singapore Threat Intelligence Report by global cybersecurity firm ThreatBook. Manufacturing, technology, and financial service industries were the most affected.

The report notes that attacks followed a “low at the beginning of the year, peak in the middle” pattern. January and February saw few incidents, whilst attack volumes surged after July, when regional and global conferences made Singapore a prime target.

Emerging groups such as Qilin, SafePay, and Direwolf drove the concentrated wave of attacks in the middle of 2025, following international law enforcement operations in late 2024 that disrupted established cybercriminal networks like LockBit and ALPHV, the report found.

Ransomware remains the most critical threat. ThreatBook reports that Singapore ranks highest globally for ransomware risk with attackers frequently threatening to report breaches to regulators if ransoms were not paid with around 50% of organisations reported paying ransoms multiple times.

Data theft and breaches also increased, with attackers often infiltrating networks over time instead of immediately encrypting data.

Stolen information was used for extortion, dark web transactions, or intelligence gathering, posing significant risks to finance, technology, and government institutions.

APT attacks accounted for a substantial share of incidents, focusing on government networks, critical infrastructure, and research institutions. ThreatBook notes these attacks aimed at long-term intelligence collection rather than short-term financial gain.

Phishing attacks were lower in volume but frequently served as the initial entry point for ransomware and APT campaigns.

Attackers increasingly combined phishing with social engineering, targeting finance, government, and technology sectors.

Other attack types, including cryptojacking, denial-of-service, and supply chain attacks, occurred less frequently but remained a threat.

DDoS attacks were often coordinated with ransomware campaigns, and supply chain attacks, though rare, had potential cross-industry and cross-border impacts.

Follow the link for more news on

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.