The number of publicly known ransomware victims jumped early 70% compared to the same period in 2023 and 2024, according to the newly released Acronis Cyberthreats Report H1 2025.
The surge underscores ransomware’s continuing grip on businesses worldwide, especially as attackers increasingly exploit AI to sharpen their tactics.
While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort.”
Manufacturing Hit Hard by Ransomware
Ransomware continues to dominate the global threat landscape. In February 2025 alone, cybercriminal group Cl0p claimed responsibility for 335 victims, many tied to mass exploitation of vulnerabilities in MFT platforms. The groups’ aggressive campaign compromised nearly 390 organizations in just three months, heavily targeting manufacturing and logistics sectors.
In fact, manufacturing topped the list of targeted industries, account for 15% of all ransomware cases in Q1 2025, followed by retail and food services (12%) and telecom/media companies (10%).
MSPs Under Fire from Phishing
Managed Service Providers (MSPs) remain a prime target due to their access tp multiple client environments. The report found that phishing now accounts for 52% of all MSP breaches, up from 30% in 2024. This marks a major shift towards exploiting human behavior aided by AI-generated lures.
The fallout from such attacks was evident in several high-profile breaches:
- Telefonica, a Spanish telecom giant, lost data on 20,000 employees weaponized stolen credentials.
- Qilin ransomware breached Virtual IT in the US, exposing downstream clients.
- Assesco Poland, part of Europe’s largest software vendor, fell victim to HellCat through stolen Jira credentials
While RDP-based exploits plummeted from 24% to just 3% of attacks, credential theft and unpatched vulnerabilities remain critical risks.
From Inbox to Chatbox: Collab Apps in the Crosshairs
Email remains a key attack vector, but criminals are migrating towards collaboration platforms like Microsoft Teams. Phishing in collaboration apps rose from 9% in Q1 2024 to 30.5% in Q1 2025, with nearly a quarter of those attacks leveraging AI-generated deepfakes and automated exploits.
At the same time, malicious email ratios fell from 1.5% to 1.1%, likely due to improved filtering techniques. BEC schemes, however, rose fto 25.6% of all attacks, underscoring cybercriminals’ continued reliance on social engineering.
Several large-scale campaigns marked the first half of 2025:
- CoGUI phishing kit blasted over 580 million emails impersonating payroll and payment platforms.
- A smishing wave powered by Darcula stole 884,000 credit cards via iMessage and RCS.
- A fake recruitment campaign targeted CFOs worldwide with deepfake recruiters and hidden malware.
These trends signal a growing shift toward exploiting communication tools rather than relying on traditional spam tactics.
AI Supercharges Cybercrime
AI has become the defining weapon of the modern threat landscape. Criminals increasingly use AI-driven phishing kits, autonomous malware, and deepfake social engineering to bypass defenses.
One alarming case saw North Korean operatives using AI-powered deepfakes to pose as remote developers and gain employment at Western technology companies. These operatives gained months of access to sensitive systems before detection – all while funnelling salaries back to the North Korean state.
Meanwhile, vulnerabilities in the DeepSeek AI model exposed sensitive data through prompt injection attacks, highlighting the risks of deploying AI without adequate safeguards. On social media, deepfake scams impersonating trusted public figures lured users into fraudulent investments, affecting nearly a million victims in Europe alone.
As Beuchelt noted, “MSPs, manufacturers, ISPs, and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organizations’ entire future at risk.”
Preparing for the Next Wave
Ransomware is intensifying again, phishing is evolving, and AI is lowering the bar to entry for cybercrime. For businesses, this means the threat landscape is not only expanding but accelerating.
“To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential,” Beuchelt said.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.