Ransomware Pressures MSMEs Across Southeast Asia, Indonesia and India Feel the Strain

Ransomware pressure on MSMEs in Southeast Asia has risen again, and the latest numbers suggest Indonesia and India are now among the hardest-hit markets. In the first quarter of 2026, 3.51% of MSMEs in the region were targeted, up from 2.92% in the same period a year earlier.

The increase is more visible in Indonesia and India than in several neighboring markets. Indonesia climbed from 2.83% to 4.01%, while India moved from 3.18% to 4.07% over the same period.

Country-by-Country Shift in MSME Ransomware Targets

CountryQ1 2025Q1 2026Change
India3.18%4.07%Up
Indonesia2.83%4.01%Up
Malaysia2.09%2.74%Up
Philippines2.46%1.80%Down
Singapore0.57%0.69%Up
Thailand1.28%1.12%Down
Vietnam2.91%2.56%Down
Southeast Asia2.92%3.51%Up

Kaspersky said the figures may still understate the real scale of the threat. The dataset only captures the final stage of an attack, when an encryption Trojan has already been deployed, while incidents stopped earlier are not counted.

Why the Numbers Matter Beyond a Simple Percentage Increase

The trend points to a broader shift in how ransomware groups are operating. Mediaindonesia.com reported that Clop remained the largest contributor on dedicated leak sites, accounting for 14.42% of total victims, followed by Qilin at 12.34%.

A newer group called The Gentlemen has also drawn attention after quickly rising to third place. The group first appeared in July 2025 and is described as using specialized tools to collect information quietly before encrypting data.

It is also suspected of working with Initial Access Brokers to enter organizational networks with minimal effort. That approach suggests modern attacks are no longer focused only on locking files, but also on reconnaissance and initial access that are harder to detect.

Backups Alone Are No Longer Enough

Fedor Sinitsyn, a security expert at Kaspersky, warned that backups can no longer be treated as the only line of defense. He said modern attackers increasingly use double extortion, which means they not only encrypt files but also threaten to publish stolen confidential data.

Adrian Hia, Managing Director for Asia Pacific at Kaspersky, said MSMEs are frequent targets because many lack the cybersecurity resources of larger companies. He added that attackers often see small businesses as a gateway into larger supply chains.

That is why Kaspersky is urging MSMEs to strengthen defenses in layers rather than rely on a single control. Its recommendations include regular software updates, detection of lateral movement and data exfiltration, advanced protection tools such as Anti-APT and EDR, offline backups, and incident response plans that also consider supply chain risk.

For many small businesses in the region, the challenge is no longer limited to lost files. The growing threat now touches operations, customer trust, and the wider business networks that MSMEs often depend on.

Source: mediaindonesia.com
Related