
Global Ransomware Group

Written by Rivanorth | 19 December 2025

A newly emerged ransomware group, Global, has swiftly established itself as a significant threat in the cyber landscape. Since its first appearance in June 2025, Global has claimed responsibility for multiple attacks, including several in the Asia-Pacific (APAC) region. The group's rapid rise and aggressive tactics have raised concerns among cybersecurity experts and organisations alike.

Who is Global?

Global is a relatively new entrant in the ransomware arena, first identified in June 2025. Despite its recent emergence, the group has already been linked to a series of attacks across various sectors. While specific details about the group's origins and affiliations remain scarce, its activities suggest a well-organised operation with a clear focus on financial gain through data encryption and extortion.

Victims in the APAC Region

Global's activities have not been confined to a single region, with several notable incidents reported in the APAC area:

  • Siamgas and Petrochemicals Public Company Limited (Thailand): A leading energy company, Siamgas, experienced a ransomware attack attributed to Global, highlighting the group's interest in critical infrastructure sectors.

  • Feng Chia University (Taiwan): This prominent educational institution was targeted, indicating Global's willingness to disrupt academic and research environments.

  • Gmax Equine (New Zealand): Gmax Equine, a company specialising in equine technology solutions, had its systems compromised, reflecting the group's diverse targeting strategy.

These incidents underscore Global's broad targeting approach, affecting various industries and services across the region.

How Do They Work?

Global employs a double extortion technique, encrypting victims' data while simultaneously threatening to release sensitive information publicly if ransom demands are not met. This strategy increases pressure on victims to comply, as the potential reputational damage adds to the operational disruption caused by data encryption.

The group is known to utilise sophisticated malware and exploit vulnerabilities in systems to gain initial access. Once inside, they deploy encryption tools and exfiltrate data, often leaving behind ransom notes with instructions for payment and communication.

Implications for Australian Organisations

Australia has witnessed a significant rise in ransomware attacks, with a reported 80% increase in incidents in 2023 compared to the previous year. Given Global's activities in neighbouring countries and its indiscriminate targeting, Australian businesses and institutions should remain vigilant.

Recommended Defensive Measures

To mitigate the risk posed by groups like Global, organisations should consider the following actions:

  1. Regular Data Backups: Maintain up-to-date backups stored offline to ensure data recovery without paying ransoms.

  2. Patch Management: Promptly apply security patches to address known vulnerabilities that could be exploited.

  3. Employee Training: Educate staff on recognising phishing attempts and other common attack vectors.

  4. Network Segmentation: Implement network segmentation to limit the spread of malware within the organisation.

  5. Incident Response Planning: Develop and regularly update an incident response plan to ensure a swift and coordinated reaction to any breaches.

Staying informed about emerging threats and maintaining robust cybersecurity practices are essential steps in defending against ransomware groups like Global.