The cybersecurity landscape for ransomware appears to be worsening. Going into 2026, ransomware continues to be a threat for companies globally, showing resilience, evolution and adaptation.
According to VDC Research and Kaspersky, Asia-Pacific accounts for $11.5 billion or the majority of worldwide financial losses and underscores how rapid digitisation in the region is expanding attack surfaces.
In 2026, the rise of agentic AI threatens to further automate attack chains even further and execute them at speeds many times faster than human operators, overwhelming organisations who are inadequately prepared.
How worried should we be in the coming 12 months, and what steps can we take to mitigate against the new spate of ransomware attacks?
iTNews Asia speaks with Noushin Shabab, Lead Security Researcher, Global Research and Analysis Team at Kaspersky.
iTNews Asia: Why has ransomware become such a pervasive threat for organisations worldwide? Who’s behind it?
Shabab: Ransomware has shown resilience and adaptability in a way that proves to be pervasively threatening to organisations worldwide. Specifically, the continued dominance of Ransomware-as-a-Service (RaaS) models that offer malware, affiliate programs, and even initial access brokering has translated into lowered barriers for entry-level criminals. This not only expands the pool of threat actors, but also the volume and speed at which ransomware campaigns are being designed and executed.
Moreover, attackers are bypassing traditional defenses by targeting unconventional entry points, such as IoT devices, smart appliances, and even webcams. The integration of AI, particularly Large Language Models, has also accelerated these attacks.
Some notable groups include FunkSec - first emerged in late 2024, the group is known for using AI-generated code for low-cost, high-volume attacks on government, finance, and education sectors in regions like India and Europe. Other hacktivist groups, such as Head Mare and Twelve, are also known for weaponising ransomware against the manufacturing industry and other high-value targets.
iTNews Asia: Why is the Asia Pacific region bearing the brunt of these ransomware attacks?
Shabab: A recent study by VDC Research and Kaspersky revealed that in the first three quarters of 2025, ransomware attacks on manufacturing organisations alone could have generated over $18 billion in losses. Regionally, Asia-Pacific bears the brunt of this, contributing $11.5 billion in potential losses.
It comes as no surprise that APAC continues to be a prime target for ransomware campaigns. The region serves as a manufacturing hub central to many supply chains and production lines globally. Moreover, it is also a rapidly digitalising one as companies increasingly look to converge their informational and operational technologies. This convergence, however, introduces new cybersecurity risks as the attack surface expands. Not to mention, the complexity of such manufacturing environments, along with widening expertise gaps and ongoing labour challenges, makes it difficult for most organisations to manage their cybersecurity effectively.
In gist, the combination of APAC’s centrality in supply chains, its rapid digitalisation, as well as the inadequacy in cybersecurity protection, makes the region particularly vulnerable to ransomware attacks.
iTNews Asia: Ransomware threat actors’ tactics seem to be evolving, with many cybercriminals successful, why?
Shabab: Threat actors are constantly looking to improve their tactics as they leverage the latest technologies and exploit unpatched vulnerabilities for their malicious campaigns. However, the same urgency to evolve and enhance capabilities is not always adopted in businesses’ fight against cybercrime.
The speed at which attackers are evolving must be counteracted with an even greater proactivity to stay on top of and protect against the latest threats. Failing to do so risks creating chances of success for these cybercriminals.
iTNews Asia: What can we expect to see in 2026?
Shabab: With the rapid integration and increasing sophistication of AI, alongside the continued dominance of RaaS models, we can expect a surge in autonomous threats in 2026. In addition, we may be seeing the more devastating effects of ransomware attacks as the tactics deployed become more targeted and potent.
iTNews Asia: How and why are ransomware-as-a-service (RaaS) models lowering the barriers for cybercriminals? What are the risks? How pernicious has been their impact?
Shabab: RaaS platforms essentially provide cybercriminals with an easy-to-use, ready-made tool for their ransomware campaigns, taking away the need for technical expertise to develop their own malicious code, as well as to create and manage the backend infrastructure.
It is also often more efficient and cost effective, as cybercriminals engaging such a service will no longer need to dedicate extensive time and resources to the development of the malware. This allows anyone – even individuals or groups with limited skills and resources, to deploy a ransomware campaign simply by paying for such a service.
iTNews Asia: Will organisations in the Asia Pacific be even further exposed to these RaaS platforms?
Shabab: With the tools to launch a ransomware attack made much more accessible, organisations in Asia Pacific can expect to be dealing with heightened hostility in the cyberthreat landscape.
Ransomware attacks will increase in volume and enhance in sophistication, making it particularly imperative for businesses to bolster their cyber resilience now more than ever before.
iTNews Asia: How do you see the impact of Agentic AI on ransomware attacks? Will the automation of cyberattacks further supercharge cybercrime?
Shabab: Agentic AI systems, which can reason autonomously and adapt in real time, will likely automate attack chains, from initial reconnaissance to the final extortion demands, executing them at speeds many times faster than human operators. AI-fueled Ransomware-as-a-Service platforms may empower even novice hackers to unleash polymorphic malware that mutates on the fly or deploys deepfake videos to blackmail executives.
This means that the speed and scale of ransomware attacks could be reaching unprecedented levels, and the victim count of these attacks in 2026 will likely explode as a result. In addition, the damage from these attacks may be a lot more severe. Equipped by generative AI, the tactics deployed will likely evolve toward insidious data tampering and reputational sabotage, which will make recoveries a lot more complex.
- Noushin Shabab, Lead Security Researcher, Global Research and Analysis Team, Kaspersky
iTNews Asia: What can governments and companies do to build their resilience? Where should they be investing in their cybersecurity defence?
Shabab: Companies can start by enabling dedicated protection across all endpoints. For non-industrial companies, implement anti-APT and EDR tools to enhance threat discovery, detection, investigation, and rapid incident remediation. Additionally, equip SOC teams with up-to-date threat intelligence and ongoing professional training to build a comprehensive defence strategy.
For organisations in the industrial sector, adopt a specialised ecosystem that combines OT-grade technologies, expert insights, and a native Extended Detection and Response (XDR) platform tailored for critical infrastructure. This would help provide robust network traffic analysis, endpoint protection, and response capabilities, bridging traditional IT security with industrial-specific measures to thwart sophisticated threats.
It is nevertheless important to acknowledge the challenges that resource constraints pose. SMEs, which make up a large bulk of businesses in Singapore and the wider APAC region, may not have adequate resources to invest in a robust cybersecurity system. This is where governments can serve as an enabling force – be it through offering some form of support for cybersecurity protection, or even training programmes to educate and better equip smaller businesses.
Afterall, a truly resilient cybersecurity ecosystem requires the sustained protection of every player.
