Singapore: Ransomware groups surge as July attacks hit Singapore

Singapore Hit by Mid-2025 Ransomware Surge, ThreatBook Report Reveals

Singapore experienced a significant spike in ransomware attacks in 2025, with incidents peaking in July, according to ThreatBook’s 2025 Singapore Threat Intelligence Report. The technology and finance sectors were the hardest hit, though manufacturing and government entities also faced severe disruptions. The surge aligned with the exploitation of newly disclosed global software vulnerabilities, which threat actors leveraged to launch coordinated campaigns.

Five ransomware groups dominated the landscape: Qilin, DireWolf, Lynx, DevMan, and Akira. Each employed distinct tactics while uniformly using double extortion: encrypting systems and exfiltrating data to dark web leak sites for additional leverage.

  • Qilin targeted large enterprises, using Office macros and Cobalt Strike for initial access, then deploying credential-stealing tools and PowerShell scripts for lateral movement.
  • DireWolf focused on manufacturing and industrial systems, combining encryption with public data leaks to maximize pressure.
  • Lynx pursued high-value businesses across sectors, relying on phishing, malware downloads, and social engineering to steal data before encryption.
  • DevMan specialized in energy and industrial firms, encrypting files offline and deleting backups to cripple recovery efforts.
  • Akira operated across manufacturing, healthcare, blockchain, and transport, exploiting VPN vulnerabilities and phishing while using segmented encryption and multi-mode data theft.

Common attack vectors included phishing emails, malicious documents, and exposed remote access tools like RDP and VPNs. Once inside, threat actors moved laterally using legitimate administrative tools such as SMB, PsExec, AnyDesk, and RustDesk, blending in with normal network activity to evade detection. The report underscores the growing sophistication of ransomware operations, with attackers increasingly tailoring their methods to specific industries.

Source: https://sbr.com.sg/news/ransomware-groups-surge-july-attacks-hit-singapore

Cyber Security Agency of Singapore (CSA) cybersecurity rating report: https://www.rankiteo.com/company/cyber-security-agency-of-singapore-csa-

"id": "CYB1774326317",
"linkid": "cyber-security-agency-of-singapore-csa-",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': ['Technology',
                                     'Finance',
                                     'Manufacturing',
                                     'Government'],
                        'location': 'Singapore',
                        'type': 'Enterprise'}],
 'attack_vector': ['Phishing emails',
                   'Malicious documents',
                   'Exposed remote access tools (RDP, VPN)'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Corporate and sensitive data'},
 'date_detected': '2025-07',
 'date_publicly_disclosed': '2025',
 'description': 'Singapore experienced a significant spike in ransomware '
                'attacks in 2025, with incidents peaking in July. The '
                'technology and finance sectors were the hardest hit, though '
                'manufacturing and government entities also faced severe '
                'disruptions. The surge aligned with the exploitation of newly '
                'disclosed global software vulnerabilities, which threat '
                'actors leveraged to launch coordinated campaigns.',
 'impact': {'data_compromised': True,
            'operational_impact': 'Severe disruptions',
            'systems_affected': True},
 'motivation': 'Financial gain (ransom), data extortion',
 'post_incident_analysis': {'root_causes': 'Exploitation of newly disclosed '
                                           'global software vulnerabilities, '
                                           'phishing, exposed remote access '
                                           'tools, and lateral movement using '
                                           'legitimate administrative tools'},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': ['Qilin',
                                      'DireWolf',
                                      'Lynx',
                                      'DevMan',
                                      'Akira']},
 'references': [{'source': 'ThreatBook’s 2025 Singapore Threat Intelligence '
                           'Report'}],
 'threat_actor': ['Qilin', 'DireWolf', 'Lynx', 'DevMan', 'Akira'],
 'title': 'Singapore Ransomware Surge Mid-2025',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Newly disclosed global software vulnerabilities'}