
AI boosts ransomware impacts

Ransomware continues to pose a significant threat to large and medium-sized businesses, with numerous ransomware gangs leveraging artificial intelligence for automation, according to Acronis. From January to June 2025, the number of publicly reported ransomware victims surged by 70% compared to the same period in 2023 and 2024. February emerged as the most severe month, recording 955 reported cases. Cl0p was responsible for 335 of these incidents, marking a staggering 300% month-over-month increase, primarily due to the mass exploitation of high-severity vulnerabilities in CLEO MFT platforms, including Harmony, VLTrader, and Lexicom, as well as CVE-2024-50623 (remote code execution) and CVE-2024-55956 (command injection). The pace of attacks slowed in Q2 2025, with 1,522 victims compared to 2,120 in Q1; this decline was likely influenced by law enforcement crackdowns, rebranding pauses by major groups, and enhanced corporate defences.

The manufacturing, retail, and technology sectors were the most targeted industries for ransomware attacks in Q1 2025. Retail, food and drink, and telecommunications and media also emerged as popular targets. While the overall number of attacks targeting Managed Service Providers (MSPs) decreased during the measured period, the nature of these attacks shifted significantly. Phishing accounted for 52% of all attacks on MSPs, up from 30% in 2024, while Remote Desktop Protocol (RDP) attacks nearly disappeared. Despite a slight decrease from 15% to 13%, credential abuse remained a consistent threat, driven by attackers harvesting valid tokens and passwords through infostealers. In the first half of 2025, ransomware groups such as Akira, Play, Cl0p, RansomHub, Qilin, and RALord/Nova were particularly active against MSPs and telecom providers, each employing distinct methods to infiltrate systems.

Attackers have increasingly exploited the trust users place in real-time communication tools, employing tactics like deepfake-based Business Email Compromise (BEC) to impersonate CEOs and bypass traditional security measures. The persistence of advanced attacks, although low in volume, underscores the ongoing threat posed by zero-day exploits and AI-driven tactics. Between January 1 and May 15, 2025, researchers scanned over 714 million emails and nearly 1.28 billion files and URLs, detecting a total of 7,201,107 attacks, which averages to about 205 attacks per organisation each month. Approximately 30% of the scanned emails were flagged as spam, while 1.1% were identified as outright malicious, containing phishing links, malware, or advanced attack payloads. Malware in collaboration applications saw a significant decline, dropping from 82% to 45%, while phishing incidents surged from 9% to 30.5%, and advanced attacks increased from 9%. 
