%22%3E%0A%3Cpath%20d%3D%22M412%20101.2H393.7C393.1%20101.2%20392.3%20100.9%20391.8%20100.5C377.3%2087.6004%20362.9%2074.6004%20348.4%2061.6004C344.8%2058.4004%20341.3%2055.2004%20337.7%2052.0004C337.1%2051.5004%20336.2%2051.1004%20335.5%2051.0004C334.2%2050.8004%20333%2051.0004%20331.5%2051.0004V101.1H316.7V0.100391H331.4V44.3004C331.9%2044.3004%20332.2%2044.4004%20332.5%2044.4004C334.9%2044.4004%20337.2%2044.5004%20339.6%2044.4004C340.4%2044.4004%20341.3%2044.0004%20341.8%2043.5004C351.6%2034.4004%20361.4%2025.2004%20371.1%2016.0004C376.5%2010.9004%20381.9%205.90039%20387.3%200.800391C387.9%200.200391%20388.5%200.000390626%20389.3%200.000390626H400.9C384.2%2015.8004%20367.8%2031.3004%20351.2%2047.0004C371.5%2065.0004%20391.8%2082.9004%20412.1%20100.9C412.1%20101%20412.1%20101.1%20412%20101.2ZM180.9%20101.2C184.1%2094.9004%20187.2%2088.9004%20190.3%2082.8004C198.3%2067.3004%20206.2%2051.8004%20214.2%2036.2004C220.3%2024.4004%20226.4%2012.5004%20232.4%200.700391C232.7%200.100391%20233%20-0.0996094%20233.7%20-0.0996094H248.1C248.8%20-0.0996094%20249.2%200.100391%20249.6%200.800391C256%2013.3004%20262.4%2025.7004%20268.8%2038.2004C279.3%2058.6004%20289.8%2079.0004%20300.3%2099.5004C300.5%20100%20300.8%20100.4%20301.1%20101.1C300.5%20101.1%20300.1%20101.2%20299.7%20101.2H286.5C285.6%20101.2%20285.1%20100.9%20284.7%20100.2C280.1%2091.3004%20275.4%2082.4004%20270.8%2073.4004C270.1%2072.1004%20269.3%2071.6004%20267.8%2071.6004H209.9C208.7%2071.6004%20208.1%2072.0004%20207.5%2073.1004C202.9%2082.1004%20198.2%2091.0004%20193.6%20100C193.1%20101%20192.6%20101.3%20191.5%20101.3C188.4%20101.2%20185.3%20101.3%20182.3%20101.3C182%20101.2%20181.6%20101.2%20180.9%20101.2ZM239.1%2011.4004C230%2029.2004%20221.1%2046.7004%20212.1%2064.3004H266.4C257.2%2046.7004%20248.2%2029.2004%20239.1%2011.4004ZM0%200.000390626H43.4C51.2%200.000390626%2058.7%201.20039%2065.7%204.80039C75.9%2010.0004%2078.9%2018.0004%2078.6%2027.4004C78.3%2034.3004%2076%2040.5004%2071.2%2045.5004C67.3%2049.6004%2062.4%2052.3004%2057.1%2054.3004C50.6%2056.7004%2043.9%2058.0004%2037.1%2058.6004C30.1%2059.2004%2023.1%2059.4004%2016.2%2059.7004C15.8%2059.7004%2015.3%2059.8004%2014.8%2059.8004V101.1H0.1C0%2067.4004%200%2033.8004%200%200.000390626ZM14.8%207.10039V52.2004C23.7%2052.4004%2032.6%2052.3004%2041.2%2050.1004C44.4%2049.3004%2047.6%2048.2004%2050.6%2046.7004C58.4%2043.0004%2062.3%2036.7004%2062.7%2028.0004C63%2019.9004%2059.5%2014.1004%2052.4%2010.5004C47.6%208.00039%2042.5%207.10039%2037.2%207.10039H14.8ZM95.9%20101.1V0.100391H167.3V7.20039H110.7V44.7004H158.1V51.9004H110.8V93.9004H171.1V101C146.1%20101.1%20121%20101.1%2095.9%20101.1Z%22%20fill%3D%22black%22%2F%3E%0A%3Cpath%20d%3D%22M35.0004%2025.7996H42.5004V20.6996H44.8004V33.1996H42.6004V27.5996H34.9004V33.2996H32.7004V20.7996H35.0004V25.7996ZM54.4004%2025.8996V27.2996H48.9004V31.6996H55.9004C55.9004%2032.1996%2056.0004%2032.5996%2056.0004%2033.0996H46.5004V20.5996H55.5004V21.8996H49.0004V25.7996C50.7004%2025.8996%2052.5004%2025.8996%2054.4004%2025.8996ZM25.9004%2033.0996H23.5004V21.9996H17.9004V20.6996H31.6004V22.0996H27.1004C26.2004%2022.0996%2025.9004%2022.2996%2025.9004%2023.1996C26.0004%2026.0996%2025.9004%2028.9996%2025.9004%2031.7996V33.0996Z%22%20fill%3D%22black%22%2F%3E%0A%3C%2Fg%3E%0A%3Cdefs%3E%0A%3CclipPath%20id%3D%22clip0_388_462%22%3E%0A%3Crect%20width%3D%22411%22%20height%3D%22101.2%22%20fill%3D%22white%22%2F%3E%0A%3C%2FclipPath%3E%0A%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A)
New Semperis Ransomware Risk Report reveals common patterns that cybercriminals exploit
Semperis’ 2025 Holiday Ransomware Risk Report reveals that ransomware activity is far from random, as cybercriminals consistently strike during holidays, weekends, and major organisational transitions.
By Jamie Wong JM /
Cybercriminals have long been known to strike when defences are down, but new findings from cybersecurity company, Semperis’ 2025 Holiday Ransomware Risk Report suggest that activity can be predicted. The global study, which examined attack patterns across Singapore, the U.S., Canada, Europe, the UK, Australia, and New Zealand, reveals that ransomware operators most often time their attacks to coincide with holidays and weekends, as well as major corporate events such as mergers, acquisitions, and layoffs.
One of the report’s earliest observations is the steady rise in attacks during holiday periods, when security staffing is reduced. Globally, 52% of ransomware incidents happen during holidays. Singapore stands out even more starkly, with 59% of attacks striking local organisations during these periods.
This vulnerability stems largely from changes in local trends in company closures. A significant 78% of companies reduce their security operations centre (SOC) manpower by half or more on holidays and weekends, and 6% cut SOC coverage entirely. The intention behind these decisions is understandable: two in three organisations in Singapore do so to support employee work-life balance, and nearly half close entirely on public holidays, granting staff time off. For 30% of organisations, this decision is partially driven by organisations simply not believing threats will occur during these times. But the high proportion of attacks is a clear indication that cybercriminals are watching, and exploiting these assumptions.
Yet even these rest-related vulnerabilities pale in comparison to the risks posed by corporate material events. Semperis’ report shows that in Singapore, eight in ten ransomware attacks occur following major organisational changes, with mergers and acquisitions (M&A) representing the most common trigger. Layoffs and restructurings rank second. As teams grapple with shifting governance structures, merged identity systems, and operational uncertainty, attackers find ideal conditions to plant or activate ransomware.
“Corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability — exactly the environment ransomware groups thrive on,” said Chris Inglis, Former US National Cyber Director and Semperis Strategic Advisor. “Worse, organizations are under intense pressure to sustain operations while transforming their form and protocols during an IPO or merger and cannot afford downtime, making them more likely to pay quickly to restore operations.”
Rather than discouraging well-deserved time off or delaying important corporate milestones, Semperis recommends that organisations plan intentionally around these predictable high-risk periods. Third-party monitoring services, coordinated cross-team communication, and robust identity system protections are among the key practices highlighted.
In an increasingly hostile cyber environment, companies cannot afford complacency. At the same time, overburdening teams is not the answer. This would only create new vulnerabilities. The path forward lies in thoughtful preparation and continuous vigilance, especially during moments when the business is busiest, or formally on break.