MANILA, Philippines (Mar 2026) — A ransomware group has been quietly targeting hospitals, government offices, and even small Pacific island nations since 2023, and security experts say the attacks are succeeding not because hackers are getting smarter, but because basic defenses are still missing.
The INC Ransom group has been actively going after organizations across Australia, New Zealand, and Pacific Island states, with activity picking up significantly in 2025. Their method is what the industry calls double extortion: steal sensitive data first, encrypt it second, then demand payment under the threat of publishing everything publicly.
Healthcare has become a prime target. Shane Barney, Chief Information Security Officer at Keeper Security, explains why. “Healthcare networks often sit at the intersection of critical infrastructure, sensitive data, and operational urgency,” he said. “When patient care is at stake, the pressure to restore systems quickly is intense, which makes double extortion tactics more effective.”
Even smaller nations are not being spared. Barney notes that attackers do not scale their ambitions by a country’s size — they go after opportunity. Smaller nations with centralized, resource-limited infrastructure can be proportionally more vulnerable, and their capacity to respond to an incident is often more limited than larger economies.
What makes INC Ransom particularly concerning is how unremarkable their methods are. They are not using exotic exploits or cutting-edge tools. Compromised credentials and exposed services remain their primary entry points. “Ransomware groups continue to succeed not because they’re innovative, but because identity management gaps persist,” Barney said.
The broader picture across Asia-Pacific
The INC Ransom threat is part of a larger pattern. According to IBM’s X-Force Threat Intelligence Index 2026, the Asia-Pacific region is the second most attacked region in the world, and artificial intelligence is making things worse by helping attackers find and exploit vulnerabilities faster than most organizations can respond.
Takanori Nishiyama, SVP APAC and Japan Country Manager at Keeper Security, points out that despite the AI-assisted escalation, the underlying attack methods have not changed much. Hackers still get in through stolen credentials, then use privileged accounts to move through networks, escalate access, and reach sensitive data.
Keeper Security’s own 2025 research found that organizations in Asia-Pacific face the steepest challenges in implementing Privileged Access Management, a security approach designed to lock down administrative accounts and sensitive systems. The gaps are striking. In New Zealand, only 64 percent of organizations reported using a PAM solution, and some still manage passwords through shared spreadsheets. In Japan, 16 percent of organizations have no formal password management strategy at all.
“Privileged credentials effectively act as keys to the kingdom within modern IT environments,” Nishiyama said, “allowing attackers to disable security controls or access sensitive data once compromised.”
What organizations can do now
Both experts point to the same core recommendation: strengthen identity security before anything else. That means enforcing strong authentication, auditing who has access to what, and implementing centralized password and access management across the organization.
The attacks are getting more automated and more frequent. The defenses, experts say, do not need to be complicated — they just need to actually be in place.
