Singapore sees surge in ransomware attacks during holidays, Semperis study finds
A new Semperis study shows 59% of ransomware attacks in Singapore occur during holidays, driven by reduced staffing and major corporate events.
Singapore organisations continue to face heightened ransomware risks during holidays and weekends, according to new findings from Semperis. The company released its latest global study on 24 November, highlighting that 59% of ransomware incidents in Singapore occurred during public holidays, a rate higher than the US, UK and Australia/New Zealand.
The report shows that attackers deliberately strike when security teams are operating with reduced manpower. Semperis noted that close to 80% of companies globally scale back security operations during holidays and weekends, creating gaps that ransomware groups are quick to exploit.
Gerry Sillars, Semperis Vice President for APAC and Japan, said organisations should expect attackers to intensify activity during these vulnerable periods. “The holidays may bring downtime for companies, but cybercriminals don’t take days off. With nearly 80% of companies reducing security team staffing on weekends and holidays, even more vigilance is needed, especially when it comes to protecting identity systems. It is essential for organisations to protect their most critical assets, and it starts with Active Directory and other hybrid identities because they are the crown jewels of the enterprise,” he said.
Corporate events becoming new attack targets
Beyond holiday periods, the study found that ransomware groups are increasingly targeting organisations during major business transitions. These include mergers and acquisitions, layoffs, and other corporate events that tend to stretch operational resources.
In Singapore, 79% of ransomware attacks took place after a material corporate event. Of those impacted, 63% reported attacks following a merger or acquisition, while 57% experienced incidents after layoffs or redundancies. Semperis noted that these moments create disruption within organisations, making it easier for attackers to take advantage of reduced oversight.
Gaps in identity security strategies
Identity systems continue to be a prime target for ransomware groups, and the study suggests that while organisations are ramping up detection capabilities, many still fall behind in response readiness.
In Singapore, 96% of respondents said their identity threat detection and response (ITDR) plans allow them to detect vulnerabilities. However, only 39% have clear procedures for remediation, revealing a significant gap between detection and action.
The report also highlighted several reasons why companies reduce security operations during holidays. In Singapore, 67% said they prioritise employee work-life balance, 49% noted their businesses were closed during these periods, and 30% did not expect to be attacked.
Semperis said the growing sophistication of ransomware groups means organisations must strengthen identity system resilience, especially in hybrid and multi-cloud environments where attackers often search for weak links.
The findings are part of the 2025 Holiday Ransomware Risk Report, which analysed responses from organisations across Singapore, the US, Canada, the UK, Europe, Australia and New Zealand. The company said the full study includes additional breakdowns by industry sector and geography.