Ransomware against Thai businesses: targeted and precise, says Kaspersky

In the first half of 2025, ransomware continued to impact a relatively small portion of business users in Thailand, consistent with global trends that reflect ransomware attackers’ deliberate targeting of high-value organisations rather than indiscriminate mass attacks.

While only 0.19% of Kaspersky enterprise users in the country were hit by this threat, the seemingly small percentage is typical for ransomware and is explained by the fact that attackers often don’t distribute this type of malware on a mass scale, but prioritise high-value targets, which reduces the overall number of incidents.

Overall, 0.25% of Kaspersky enterprise users in Southeast Asia were targeted by ransomware between January to June this year.

The global cybersecurity company also revealed the top 5 ransomware families eyeing enterprises of various sizes in Southeast Asia. This includes:

•    Trojan-Ransom.Win32.Wanna
•    Trojan-Ransom.Win32.Gen
•    Trojan-Ransom.Win32.Crypmod
•    Trojan-Ransom.Win32.Crypren
•    Trojan-Ransom.Win32.Encoder

These types of Trojans modify data on the victim's computer so that the victim can no longer use the data, or they prevent the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cybercriminal will send a program to the victim to restore the data or restore the computer’s performance.

Earlier this year, Kaspersky also revealed that businesses and organisations in Thailand faced an average of 39 ransomware attempts per day throughout 2024, totalling 13,958 blocked attacks by Kaspersky’s cybersecurity solutions last year.

“Thailand’s minor share of users targeted by ransomware in the first half of 2025 is a clear reflection of a global shift in ransomware tactics, as cybercriminals focus on highly-targeted, precise campaigns against high-value organisations.

This trend directly challenges the accelerated digital transformation of the country and its goal of becoming a regional digital hub, as expanding digital infrastructure creates more lucrative targets,” says Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

“The continued presence of widespread ransomware and attempts to attack seen since last year underscore the urgent need for Thai enterprises to move beyond basic security, prioritising advanced threat intelligence, targeted defence strategy, and comprehensive threat detection and incident response capabilities,” adds Hia.

To stay protected from ransomware attacks, Kaspersky experts recommend organisations follow these best practices to safeguard from ransomware:

•    Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.

•    Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.

•    Focus your defence strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.

•    Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.

•    Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.

•    To protect the company against a wide range of threats, use solutions from Kaspersky Next product line that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organisations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.