Awareness Isn’t Enough. Action Starts with You.
In February 2025, Australian fertility provider Genea was struck by a ransomware attack that led to nearly one terabyte of highly sensitive patient data, including medical histories and test results, being leaked onto the dark web. Just one month earlier, cybercriminals launched a global campaign targeting misconfigured Amazon S3 storage buckets. They encrypted the contents and demanded ransom payments for decryption, leaving affected users scrambling to recover valuable files. These events are not isolated disruptions. They are clear signals of how digital vulnerabilities are being exploited and how unprepared many still are.
You do not need to be an expert in cybersecurity to grasp the seriousness of what is happening. What matters is understanding the consequences and, more importantly, knowing what actions to take before it is too late.
Southeast Asia Is a Hot Zone
In 2024, organisations across Southeast Asia endured more than 135 thousand ransomware attacks. That equates to over 370 attempts every day, affecting industries, agencies, and institutions throughout the region.
The scale of the threat is no longer theoretical.
-
Indonesia recorded 57,554 attacks
-
Vietnam faced 29,282
-
The Philippines encountered 21,629
-
Thailand logged 13,958
-
Malaysia saw 12,643 cases, a sharp increase of 153 percent from the previous year
-
Even Singapore, often seen as a digital stronghold, was not spared, with 208 reported attacks
The message is clear. No country is immune, and no sector is safe. Cybercriminals are deliberately targeting healthcare, finance, retail, and essential public services. These are systems that cannot afford to be locked down and often feel pressure to resolve breaches swiftly, sometimes by paying.
What Is Ransomware
Ransomware is a type of malicious software that encrypts your data and holds it hostage. Victims are presented with a message demanding payment, usually in cryptocurrency, in exchange for a key to unlock their own files. In some cases, attackers double the threat by promising to leak sensitive information publicly if the ransom is not paid.
What makes ransomware particularly dangerous is how silently it spreads. It can travel through email links, infected files, or even fake software updates. Often, systems are compromised long before anyone realises what has happened.
It Starts with One Click
The beginning of a ransomware breach rarely looks dramatic. In fact, it usually starts with something ordinary: a single person clicking on a link, opening a harmless-looking file, or responding to a fake invoice that appears to come from inside the company. That one small action can open the door to a full-scale breach, bringing down systems, interrupting operations, and compromising data within minutes.
Regional Attacks That Hit Hard
Across Southeast Asia, recent incidents reveal how widespread and damaging these attacks have become.
-
In Indonesia, the National Data Centre was compromised in 2024, affecting over 160 government agencies and paralysing multiple public services.
-
In the Philippines, a health insurance provider had customer data stolen, exposing sensitive records and undermining public trust.
-
Malaysia saw disruptions to both a major transport operator and a retail pharmacy chain, delaying services and causing widespread inconvenience.
-
In Singapore, the law firm Shook Lin and Bok was hit by the Akira ransomware group. The attackers demanded and reportedly received a ransom of 1.89 million Singapore dollars in Bitcoin to restore access to the firm’s systems.
-
In Vietnam, a major brokerage firm and a fuel supplier were both attacked, disrupting financial transactions and logistics operations.
These are not small-scale events. They affect citizens, customers, and the ability of organisations to function. They also reinforce why action is no longer optional.
Not Just an IT Problem
There is a common belief that cybersecurity is solely the responsibility of the IT team. That belief is risky. It creates gaps in awareness and weakens the collective line of defence.
Cybersecurity is not a job title or a department. It is a shared responsibility and a daily practice. Just like locking your front door or checking your rear-view mirror before changing lanes, digital safety must become second nature. You do not wait to be reminded to do these things. You do them because they are part of how you live and work safely.
The same mindset must apply to how we handle digital threats.
Good Habits at the Personal Level
Protecting against ransomware begins with small but essential habits:
-
Make regular backups of important files and keep them stored separately from your main device.
-
Keep your systems and software updated. Delays in patching vulnerabilities are often the reason attacks succeed.
-
Use strong and unique passwords, and consider a password manager if needed.
-
Turn on two factor authentication to protect accounts even if your password is stolen.
-
Think before you click. If an email or message seems strange or rushed, verify it before opening any links or attachments.
-
Install and maintain reputable antivirus and threat detection tools to catch risks early.
At the Organisational Level
Preventing ransomware at scale requires organisations to embed cybersecurity into daily operations:
-
Train all employees regularly using real scenarios, not just general advice.
-
Restrict access to sensitive systems. Staff should only have access to what they truly need.
-
Segment networks to prevent an attack from spreading across the entire infrastructure.
-
Maintain backups that are safe from online threats and test their restoration process.
-
Run simulations and drills to ensure everyone knows their role during an incident.
-
Make cybersecurity part of company culture, not just part of compliance.
Cybersecurity Is a Shared Habit
Even the most advanced systems can be brought down by a single careless moment. The uncomfortable truth is that most ransomware attacks do not require brilliance on the attacker’s part; just a mistake on ours.
Every person who uses a computer, checks email, opens attachments, or manages a device is part of the risk. But they are also part of the solution. Everyone has a role in protecting what matters.
Security must become a habit that runs quietly and consistently in the background of our daily work.
The Real Test Is in the Ordinary
Ransomware is not stopped by one major decision made in a boardroom. It is stopped by tens, hundreds, or even thousands of smaller, mindful choices made by people across the organisation.
The real test is not how we respond after an attack. It is whether we made the right decisions before it ever happened. Whether we paused, questioned, and chose to act.
Because in the end, cybersecurity is not about fear. It is about responsibility.
Brief History of Ransomware
1989: The First Case
The AIDS Trojan, the world’s first ransomware, was distributed via floppy disk at a WHO conference. After 90 system reboots, it locked users out of their computers and demanded payment via postal mail to a Panama PO box.
Mid 2000s: Online Spread Begins
Ransomware started moving through the internet, often via malicious email attachments. It began affecting individuals and small businesses across the globe.
2010s: Ransomware as a Service
The model evolved. Attackers began offering ransomware kits for rent, allowing anyone to launch attacks, even without technical skill.
2017: Global Wake Up Call
WannaCry swept through 150 countries, freezing systems in hospitals and corporations. NotPetya followed, causing billions in damages to global businesses like Maersk and Merck. These were the attacks that made ransomware a boardroom issue.
Now: Strategic, Global, Ruthless
Modern ransomware operations are highly organised. They use double extortion tactics, rent out infrastructure, and negotiate payments through customer support portals. It is a professional business model and it is still growing.