Ransomware continues to pose a significant threat to small- and medium-sized businesses (SMBs) in Southeast Asia, according to the latest data from cybersecurity firm Kaspersky. In Q1 2026, 3.51% of SMBs in the region were targeted, an increase from 2.92% in the same period last year. Singapore saw a rise from 0.57% to 0.69%, highlighting the persistent risk these businesses face.
The report underscores that the true extent of ransomware threats is often understated. Ransomware attacks typically involve multiple stages, and only the final stage—deployment of the encryption Trojan—is recorded in detection metrics. This means earlier stages of attacks, such as initial access and reconnaissance, often go unreported.
Kaspersky’s Q1 2026 malware report also identified the most active ransomware groups. Clop ransomware led the rankings, responsible for 14.42% of victims on Dedicated Leak Sites (DLS). It was followed by Qilin at 12.34%, with The Gentlemen, a rapidly expanding group, taking third place.
Security expert Fedor Sinitsyn from Kaspersky warns that SMBs cannot afford to underestimate the complexity of ransomware threats. He emphasises the need for a layered cyber protection strategy, as modern ransomware actors often employ a “double extortion” approach, encrypting files and threatening to leak data if ransoms are not paid.
Adrian Hia, Managing Director for Asia Pacific at Kaspersky, highlights the increasing sophistication of ransomware attacks and the vulnerability of SMBs lacking dedicated cybersecurity resources. He stresses the importance of sustainable investment in cybersecurity to protect against these evolving threats.



