Jakarta, INTI - Ransomware is reportedly becoming a cyber threat concern for Micro, Small, and Medium Enterprises (MSMEs) in Southeast Asia.
The proportion of MSMEs in the region targeted by ransomware attacks reached 3.51% in the first quarter (Q1) of 2026. This is an increase from 2.92% in Q1 of 2025.
The most significant increases occurred in Indonesia and India. In Indonesia, the percentage of MSMEs targeted by ransomware attacks increased from 2.83% in Q1 of 2025, to 4.01% in Q1 of 2026. Meanwhile, the figure in India rose from 3.18% to 4.07%. Singapore and Malaysia also recorded increases, to 0.69% and 2.74%, respectively.
Kaspersky Noted that Data Backup is Not Enough
These figures are the latest data and findings from Kaspersky, a cybersecurity and antivirus provider company from Russia.
Kaspersky security expert Fedor Sinitsyn said the figures do not fully reflect the scale of the ransomware threat. This is because many attacks are stopped at an early stage, like reconnaissance or gaining initial access. Therefore, many attacks are not captured in metrics that only measure attacks up to the file encryption stage.
Sinitsyn explained that ransomware attackers continue to evolve their attack strategies. Therefore, backup alone is no longer sufficient to protect user data. Attackers now frequently use the double extortion method, stealing victims' data, encrypting files, and then threatening to release victims’ sensitive information.
Ransomware Groups
Kaspersky also revealed three of the most active ransomware groups, namely Clop as the most active ransomware group, contributing 14.42% of the victims recorded on dedicated leak sites (DLS). Qilin group came in second with 12.34%, while The Gentlemen came in third.
Kaspersky APJ Managing Director, Adrian Hia, said that MSMEs are attractive targets for cybercriminals because they generally have limited resources to build dedicated security teams. MSMEs’ systems can also be exploited as entry points to attack larger companies through the supply chain.
To strengthen protection, Kaspersky recommends that MSMEs regularly update their software, monitor outbound traffic for suspicious activity, provide secure offline data backups, and use security solutions such as Endpoint Detection and Response (EDR).
Conclusion
Ransomware threats against MSMEs in Southeast Asia are increasing, with the proportion of targeted attacks rising to 3.51% in Q1 of 2026 from 2.92% in Q1 of 2025. Kaspersky noted that many attacks are stopped before data encryption is achieved. Because MSMEs have limited security resources and can act as entry points to larger companies through the supply chain, Kaspersky recommends software updates, outbound traffic monitoring, offline backups, and the use of security solutions such as Endpoint Detection and Response (EDR).
Read more: ION Speeds Up Indonesia's Digital Public Infrastructure Development with Google.org Support