Live54m agoUMC Begins Silicon Photonics Chip Production in Singapore for AI Data Centres
← Back to stories

Singapore SMB Ransomware Rate Rises in Q1 Despite Remaining Lowest in SE Asia

Source: Singapore Business Review

The proportion of Singapore small and medium-sized businesses targeted by ransomware rose from 0.57% to 0.69% year-on-year in Q1 2026, according to Kaspersky data. While Singapore remained the least affected market in Southeast Asia, the regional average climbed to 3.51% as ransomware groups deploy increasingly sophisticated techniques including double extortion.

Singapore SMB Ransomware Rate Rises in Q1 Despite Remaining Lowest in SE Asia
SGAI Daily

The proportion of Singapore small and medium-sized businesses (SMBs) targeted by ransomware rose year-on-year from 0.57% to 0.69% in the first quarter of 2026, according to new data from cybersecurity firm Kaspersky. While Singapore recorded the lowest proportion of SMBs affected among seven Southeast Asian markets tracked, the increase signals that no market is immune from the region's worsening ransomware landscape.

Across Southeast Asia, 3.51% of SMBs in Kaspersky's ecosystem were targeted by ransomware in Q1 2026, up from 2.92% in the same period last year. Malaysia saw an increase from 2.09% to 2.74%, while Indonesia climbed from 2.83% to 4.01%. India, included for comparison, recorded the highest proportion at 4.07%, up from 3.18% a year earlier. The Philippines, Thailand and Vietnam all recorded lower proportions of SMBs targeted compared with Q1 2025.

Kaspersky identified Clop as the most active ransomware group during the quarter, accounting for 14.42% of victims published on dedicated leak sites, followed by Qilin at 12.34%. The Gentlemen, a group that emerged in July 2025 using custom-built tools to gather information before deploying ransomware, ranked third. Adrian Hia, Managing Director for Asia Pacific at Kaspersky, noted that ransomware techniques are becoming more sophisticated and are increasingly targeting SMBs that may lack dedicated cybersecurity teams.

The company warned that organisations should not rely solely on backup systems, as many ransomware groups now employ double extortion: encrypting files whilst also stealing confidential data and threatening to publish it if a ransom is not paid. Kaspersky noted that its ransomware detection figures capture only the final stage of an attack when encryption malware is deployed, meaning attacks intercepted during earlier stages are not reflected in the statistics.

Why it matters for Singapore: Singapore SMBs form the backbone of the economy, and this data point is a reminder that the city-state's relatively low ransomware rate should not breed complacency. As AI-enabled cyber attacks grow more sophisticated, SMBs that lack dedicated security teams are increasingly attractive targets. The trend underscores the importance of sustainable cybersecurity investments and the government's ongoing push for stronger cyber hygiene across the business community.

Your daily AI edge in Singapore: in <5 minutes.

We do the reading so you don't have to. Get the essential TL;DR on local AI moves delivered to your inbox every morning.