Thailand has emerged as a significant target for sophisticated ransomware attacks, with a dramatic 240% increase in cyber campaigns recorded in 2024 compared to the previous year. This surge reflects heightened geopolitical tensions and strategic interest in Thailand’s expanding digital economy, which has created fertile ground for cyber threat actors seeking financial gain or intelligence.

Cyfirma researchers noted that LockBit3 operators carefully select their targets in Thailand, often performing extensive reconnaissance and data exfiltration before deploying encryption payloads. This maximizes both ransom potential and double-extortion leverage through threats to publish stolen data on leak sites. Their analysis reveals a complex threat landscape dominated by both state-sponsored Advanced Persistent Threats (APTs) and cybercriminal organizations, with prominent actors including MISSION2025, Lazarus Group, and TA505 demonstrating sustained interest in Thai organizations.

According to recent data, ransomware victims in Thailand increased fivefold from 2022 to 2023, with 35 confirmed victims, while 2025 has already recorded 8 victims as of April.

Verizon's 2025 Data Breach Investigations Report (DBIR) has revealed a disturbing trend: small and medium-sized businesses (SMBs) have become disproportionately targeted by ransomware attacks.

These attacks predominantly target web applications, operating systems, and databases, demonstrating the threat actors’ focus on compromising core infrastructure and customer-facing assets that contain valuable data. Cyfirma researchers have identified that over 70% of threat actors targeting Thailand originate from China and Russia, with significant contributions from North Korean groups as well. The nation’s position as a regional financial hub and its rapid digital transformation have inadvertently exposed critical infrastructure, creating vulnerabilities that malicious actors actively exploit.
The ransomware landscape in Thailand has evolved significantly since early 2023, with attacks becoming more targeted and technically advanced. The ransomware then enumerates network resources using Windows Management Instrumentation (WMI) queries and leverages tools like Mimikatz for credential harvesting before encrypting files with robust RSA-2048 and AES-256 algorithms.

The most alarming finding from Cyfirma’s investigation is the dominance of LockBit3, which accounts for over 52.78% of all ransomware activity targeting Thailand. Other active groups like RansomHub and Qilin represent the expanding Ransomware-as-a-Service (RaaS) ecosystem, enabling even low-skilled attackers to deploy sophisticated malware.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Apr 2025 05:50:11 +0000