Singapore’s HomeTeamNS hit by ransomware attack

Singapore non-profit organisation HomeTeamNS was hit by a ransomware attack that affected some of its servers containing data of its current and former employees, as well as vehicle details of some members.

In a media statement on 3 March 2025, HomeTeamNS said the affected servers were immediately disabled and isolated from its IT network. It is also working with the authorities and has engaged third-party cyber security experts to investigate and remediate the incident.

As part of remediation efforts, it has changed the passwords of all its administrative accounts, and security scans and firewalls have been further enhanced to strengthen its network security. At this time, HomeTeamNS said there is no evidence of data extraction, but it is monitoring the situation closely.

“We have reached out to those who are affected to assist them with protecting themselves from phishing or unauthorised transactions and to minimise the impact from this incident. The protection of our stakeholders’ personal data is of utmost importance to HomeTeamNS.

“We are working closely with our cyber security experts, the Police and the Cyber Security Agency of Singapore to investigate and remediate this incident,” it added.

HomeTeamNS was set up in 2005 to recognise the contributions of national servicemen in the Singapore Police Force and Singapore Civil Defence Force. With over 260,000 members, it operates four clubhouses that provide a shared environment for them to network and build bonds through sporting and social activities.

According to Group-IB’s latest High-tech crime trends report, ransomware remains one of the most profitable forms of cyber crime, with attacks rising by 10% globally in 2024, fuelled by the ransomware-as-a-service model.

Last year, the Asia-Pacific (APAC) region recorded 467 ransomware-related attacks, with real estate, manufacturing and financial services among the top targeted industries. Underground recruitment efforts for ransomware affiliates increased by 44%, further demonstrating the industrialisation of cyber extortion.

Beyond financial extortion, ransomware attacks often result in significant data breaches. Last year alone, 5,066 ransomware incidents led to data leaks on dedicated leak sites, exposing sensitive business and institutional data. A staggering 6.4 billion compromised records appeared on cyber criminal marketplaces, including email addresses, phone numbers, financial data and passwords, fuelling cyber fraud, identity theft and secondary attacks.

Among these, more than 6.5 billion leaked entries contained email addresses, over 3.3 billion included phone numbers, and 460 million passwords were exposed. Indonesia and Thailand ranked among the top 10 global markets affected by dark web data leaks.

The accessibility of stolen data has contributed to a surge in phishing attacks, which rose by 22% globally in 2024. In APAC, over 51% of phishing attacks targeted the financial services sector while commerce and retail accounted for more than 20%.

Noting that cyber crime is a chain reaction where each attack strengthens the next, Dmitry Volkov, CEO of Group-IB, called for organisations to adopt proactive security strategies, improve cyber resilience and recognise that every cyber threat feeds into a larger interconnected battle. “To mitigate these threats, we must disrupt the cycle by enhancing cooperation and building a global framework to fight against cyber crime,” he said.