Cybersecurity company Palo Alto Networks has raised concerns over the growing threat of ransomware in the Philippines, as outlined in its latest Unit 42 Extortion and Ransomware Trends report. Covering incidents from January to March this year, the report shows how ransomware continues to disrupt online services and encrypt sensitive data, affecting critical systems and stopping business operations until ransoms are paid or systems are restored.
The company warned that with millions of cyber threats detected daily in the country, the threat of ransomware needs urgent and coordinated attention.
According to Palo Alto Networks, more organizations in the Asia-Pacific and Japan region are focusing on their cybersecurity posture and are now able to detect attacks earlier. This shift has led to a rise in incident response cases that are contained at the stage where attackers are only beginning to access networks. However, despite these efforts, ransomware and extortion campaigns continue to succeed at a significant rate.
Unit 42 researchers noted that threat actors are now using more intense and targeted methods to pressure victims into paying. These tactics go beyond the usual file encryption, often involving fake data, physical ransom notes sent to executives’ homes, and the disabling of security systems.
“We’re seeing a clear shift in how ransomware and extortion actors operate globally and across the Asia-Pacific and Japan region,” said Philippa Cogswell, vice president and managing partner, Unit 42, Asia-Pacific & Japan, Palo Alto Networks. “Attackers are shifting from traditional encryption tactics to more aggressive and manipulative methods, including false claims, insider access, and tools that disable security controls.”
She also noted that these new and evolving tactics show just how critical it is for organizations to move beyond reactive defences and invest in security strategies that provide full visibility and rapid response across their environments.
The report highlighted that the manufacturing sector continues to be the most targeted industry, a trend that has been consistent for several years. This is followed by the wholesale and retail sector, and then the professional and legal services industry. In terms of location, organizations based in the United States, Canada, the United Kingdom, and Germany were the most targeted.
Another trend noted in the report is the use of “EDR killers,” tools designed to disable endpoint security sensors. Attackers are also focusing more on cloud systems. North Korean operatives were found using AI-generated identities to pose as remote IT workers. These fake workers gained access to company systems, stole sensitive code, and threatened to leak it unless paid.
RansomHub, a ransomware variant first spotted in mid-2024, was identified as the most active during the first quarter of 2025.
Palo Alto Networks advised that to keep up with these evolving threats, organizations must invest in proactive threat detection, use AI-driven security tools, and build stronger collaboration across industries.
Get the latest before it trends. Follow Back End News on LinkedIn, Facebook, X, YouTube, and TikTok for updates and in-depth coverage across the tech and security landscape.