Singapore firms face world’s highest ransomware risk

Mid-year conferences made it a prime global target.

Singapore faced a surge in cyberattacks in 2025, with ransomware, data breaches, data theft, and advanced persistent threats (APT) targeting the country’s most critical industries, according to the 2025 Singapore Threat Intelligence Report by global cybersecurity firm ThreatBook. Manufacturing, technology, and financial service industries were the most affected.

The report notes that attacks followed a “low at the beginning of the year, peak in the middle” pattern. January and February saw few incidents, whilst attack volumes surged after July, when regional and global conferences made Singapore a prime target.

Emerging groups such as Qilin, SafePay, and Direwolf drove the concentrated wave of attacks in the middle of 2025, following international law enforcement operations in late 2024 that disrupted established cybercriminal networks like LockBit and ALPHV, the report found.

Ransomware remains the most critical threat. ThreatBook reports that Singapore ranks highest globally for ransomware risk with attackers frequently threatening to report breaches to regulators if ransoms were not paid with around 50% of organisations reported paying ransoms multiple times.

Data theft and breaches also increased, with attackers often infiltrating networks over time instead of immediately encrypting data.

Stolen information was used for extortion, dark web transactions, or intelligence gathering, posing significant risks to finance, technology, and government institutions.

APT attacks accounted for a substantial share of incidents, focusing on government networks, critical infrastructure, and research institutions. ThreatBook notes these attacks aimed at long-term intelligence collection rather than short-term financial gain.

Phishing attacks were lower in volume but frequently served as the initial entry point for ransomware and APT campaigns.

Attackers increasingly combined phishing with social engineering, targeting finance, government, and technology sectors.

Other attack types, including cryptojacking, denial-of-service, and supply chain attacks, occurred less frequently but remained a threat.

DDoS attacks were often coordinated with ransomware campaigns, and supply chain attacks, though rare, had potential cross-industry and cross-border impacts.