
April 2025 has seen a surge in ransomware activity, with new victims including a major Dutch food distribution company and a Singapore-based construction firm. The ASEC Blog’s latest report highlights these incidents as part of a broader trend of increasing ransomware attacks across multiple sectors [1]. The Dutch company was listed as a victim of the INC Ransom group, while the Singapore firm was targeted by the DevMan ransomware operation. These attacks follow a pattern of high-impact incidents observed since early 2024, including the Qilin ransomware’s strikes against Galvatech and SK Group [2].
Recent Ransomware Incidents
The attack on the Dutch food distributor marks the third major incident in the European food supply chain this year. Previous targets included cold storage providers in Germany and a dairy cooperative in France. INC Ransom, the group claiming responsibility, has been active since late 2024 and specializes in double extortion tactics [3]. The Singapore construction company attack by DevMan follows a similar pattern seen in March 2025 when the group compromised an Australian healthcare provider [4].
These incidents occur against a backdrop of increasing ransomware sophistication. The first quarter of 2025 saw a 22% increase in ransomware attacks compared to Q4 2024, with average ransom demands reaching $5.2 million [5]. Healthcare and manufacturing remain prime targets, accounting for 46% of all attacks this year.
Technical Analysis of Current Threats
The INC Ransom group employs a modified version of the Babuk ransomware code, with added capabilities for lateral movement through compromised networks. Their attacks typically begin with phishing emails containing malicious OneNote attachments [6]. Once executed, the malware disables endpoint protection solutions before encrypting files and exfiltrating data.
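As an added example (not taken from the ASEC report or any source cited here), the following Python check shows how a mail gateway or triage script can flag OneNote attachments by file signature as well as by extension, so a renamed `.one` file is still caught. The signature is the file-type GUID from Microsoft's published OneNote file format; the sample message, addresses and file names are constructed.

```python
import uuid
from email import message_from_bytes, policy
from email.message import EmailMessage

# File-type GUID at offset 0 of a OneNote section (.one) file, in on-disk byte order.
ONE_MAGIC = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le
ONE_EXTENSIONS = (".one", ".onepkg")


def onenote_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per MIME leaf part that looks like a OneNote file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches parts nested in forwarded mail
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        by_magic = data.startswith(ONE_MAGIC)
        by_ext = name.lower().endswith(ONE_EXTENSIONS)
        if by_magic or by_ext:
            findings.append({
                "filename": name or "(unnamed)",
                "magic": by_magic,
                "extension": by_ext,
                # Content says OneNote but the name does not: likely renamed to evade filters.
                "disguised": by_magic and not by_ext,
            })
    return findings


def build_sample() -> bytes:
    """Constructed test message: header bytes only, no real OneNote content."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "Invoice"
    msg.set_content("See attached.")
    fake_one = ONE_MAGIC + b"\x00" * 32
    for fname, body in (("invoice.pdf", fake_one), ("notes.one", fake_one),
                        ("report.txt", b"quarterly numbers")):
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for f in onenote_attachments(build_sample()):
        print(f)
```

Findings marked `disguised` are the ones an extension-only attachment filter would have let through.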
DevMan’s approach differs, focusing on exploiting vulnerable internet-facing systems. Recent incidents show their preference for targeting unpatched Fortinet and Citrix devices [7]. Their ransomware payload includes a unique feature that attempts to identify and encrypt backup repositories before moving on to primary systems.
Group | Victim | Sector | Date |
---|---|---|---|
Qilin | Galvatech | Manufacturing | April 2025 |
Qilin | SK Group | Manufacturing | April 2025 |
INC Ransom | Dutch Food Distributor | Food Supply | April 2025 |
DevMan | Singapore Construction Co. | Construction | April 2025 |
Defensive Recommendations
Organizations should prioritize patching known vulnerabilities in internet-facing systems, particularly those affecting remote access solutions. The following measures can help mitigate ransomware risks:
- Implement application allowlisting to prevent unauthorized executables
- Maintain offline, immutable backups of critical systems
- Enable multi-factor authentication for all remote access points
- Conduct regular phishing awareness training
- Monitor for suspicious network traffic patterns
Recent data shows organizations with comprehensive backup strategies experience 78% faster recovery times following ransomware incidents [8]. Network segmentation remains one of the most effective controls, limiting lateral movement for attackers who breach perimeter defenses.
Conclusion
The April 2025 ransomware attacks demonstrate the continued evolution of these threats. Groups like INC Ransom and DevMan are refining their tactics to maximize impact and financial gain. While law enforcement efforts have disrupted some operations, the ransomware ecosystem remains robust, with new groups emerging to fill any voids. Organizations must maintain vigilance and implement layered defenses to protect against these persistent threats.
References
- [1] “Ransom & Dark Web Issues Week 4, April 2025,” ASEC Blog, 2025. [Online]. Available: https://asec.ahnlab.com
- [2] “Exclusive: Aussie steel industry provider Galvatech listed by Qilin ransomware,” CyberDaily, Apr. 2025. [Online]. Available: https://www.cyberdaily.au/security/11978-exclusive-aussie-steel-industry-provider-galvatech-listed-by-qilin-ransomware
- [3] “SK Group ransomware attack: Qilin gang claims stolen data,” CyberNews, Apr. 2025. [Online]. Available: https://cybernews.com/news/sk-group-ransomware-attack-qilin-gang-claims-stolen-data/
- [4] “Exclusive: RansomHub lists WA-based Southern Region Medical Group as victim,” CyberDaily, Mar. 2025. [Online]. Available: https://www.cyberdaily.au/security/11819-exclusive-ransomhub-lists-wa-based-southern-region-medical-group-as-victim
- [5] “2024 X-Force Threat Intelligence Index,” Security Intelligence, 2024. [Online]. Available: https://securityintelligence.com/x-force/2024-x-force-threat-intelligence-index/
- [6] “The CDK Global outage: Explaining how it happened,” TechTarget, Jun. 2024. [Online]. Available: https://www.techtarget.com/whatis/feature/The-CDK-Global-outage-Explaining-how-it-happened
- [7] “London hospital cyber attack causing significant impact to services,” Reuters, Jun. 2024. [Online]. Available: https://www.reuters.com/technology/cybersecurity/london-hospital-cyber-attack-causing-significant-impact-services-2024-06-04/
- [8] “Ransomware: True Cost 2024,” Cybereason, 2024. [Online]. Available: https://www.cybereason.com/hubfs/dam/collateral/ebooks/Ransomware-True-Cost-2024-eBook.pdf