👤 NEONPALADIN
🗓️ 24 Nov 2025   🗂️ Cyber Warfare    

Ransomware on the Rise: Thegentlemen Target Vietnam and Singapore’s Business Giants

A wave of ransomware attacks by the group known as Thegentlemen disrupts major firms in Vietnam and Singapore, exposing the growing risks to Southeast Asia’s economic engines.

Fast Facts

  • Thegentlemen ransomware group claimed attacks against at least five major companies in Vietnam and Singapore in late November 2025.
  • Victims include Singapore City Development Company Limited (SINGCONS), Kim Dental, NBCAPITAL, AiHealth, and Pacific Holdings Group JSC.
  • Targeted sectors span construction, real estate, healthcare, investment, and medical services.
  • Attacks were publicly disclosed via ransomware leak sites, but it’s unclear if ransom demands were met or data was released.
  • Ransomware.live serves only as an index and does not host or distribute stolen data.

Criminal Code Red: Southeast Asia’s Corporate Networks Under Siege

Imagine the heart of bustling Southeast Asian cities - cranes whirring above new developments, clinics humming with patients, and investment firms orchestrating the financial growth of entire regions. Suddenly, a silent digital adversary slips inside, locking up vital files and demanding a digital ransom. This is the new reality for a swath of prominent Vietnamese and Singaporean companies, all recently ensnared by the ransomware group known as Thegentlemen.

On November 24, 2025, multiple companies found themselves thrust into the harsh spotlight of ransomware leak sites. Among the most notable targets: Singapore City Development Company Limited (SINGCONS), a heavyweight in regional real estate and construction; Kim Dental and Pacific Holdings Group, both central to Vietnam’s sprawling healthcare infrastructure; NBCAPITAL, a major investment player; and AiHealth, a digital healthcare provider. While each operates in a different sector, their digital defenses were breached in similar fashion, underscoring just how indiscriminate and pervasive modern ransomware attacks have become.

Behind the Attack: Thegentlemen’s Tactics and Regional Impact

Thegentlemen are part of a new breed of ransomware groups that combine technical savvy with the cold calculus of organized crime. Their modus operandi is simple yet devastating: infiltrate a company’s network, encrypt critical files, and then threaten to leak sensitive data unless a ransom is paid - a technique known as “double extortion.” This approach has been seen in global attacks such as those on Colonial Pipeline (2021) and the Irish Health Service (2021), but its appearance in Southeast Asia signals a worrying expansion.

These groups often exploit weak points in security, such as outdated software or poorly protected remote access systems. Once inside, they move laterally - like burglars checking every door in a mansion - seeking out the most valuable digital assets. For companies like SINGCONS, whose operations span real estate, infrastructure, and property management, even a brief disruption could ripple through city economies. Healthcare targets like Kim Dental and Pacific Holdings risk exposing patient data, threatening both privacy and critical care delivery.

While details of the ransom demands remain undisclosed, the public listing of these companies on ransomware leak sites is a form of high-stakes pressure. It puts corporate reputations at risk and forces management into a difficult dilemma: pay the criminals, or risk operational chaos and data exposure.

Asia’s Ransomware Reckoning

The rise in attacks across Vietnam and Singapore reflects a broader global trend. IBM’s X-Force Threat Intelligence Index has repeatedly flagged Asia-Pacific as the world’s most targeted region for ransomware, largely due to its rapid digitalization and booming economy. As more companies migrate their operations online, the attack surface for cybercriminals expands - and so does the potential fallout from successful breaches.

Thegentlemen’s campaign is a stark reminder: digital transformation brings not only opportunity, but new vulnerabilities. For business leaders and governments alike, the challenge now is to shore up cyber defenses before the next wave of attacks arrives.

When digital locks snap shut on the engines of economic growth, it’s not just files that are held hostage - it’s trust, reputation, and the promise of progress. In the shadowy world of ransomware, vigilance is now a matter of survival.

WIKICROOK

  • Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
  • Double Extortion: Double extortion is a ransomware tactic where attackers both encrypt files and steal data, threatening to leak the data if the ransom isn’t paid.
  • Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
  • Encryption: Encryption transforms readable data into coded text to prevent unauthorized access, protecting sensitive information from cyber threats and prying eyes.
  • Attack Surface: An attack surface is all the possible points where an attacker could try to enter or extract data from a system or network.

NEONPALADIN
Cyber Resilience Engineer