TESTIMONIALS

โ€œReceived the latest edition of Professional Security Magazine, once again a very enjoyable magazine to read, interesting content keeps me reading from front to back. Keep up the good work on such an informative magazine.โ€

Graham Penn
ALL TESTIMONIALS
FIND A BUSINESS

Would you like your business to be added to this list?

ADD LISTING
FEATURED COMPANY
Cyber

Round-up on ransomware

by Mark Rowe

The second quarter of 2025 saw a drop of 6pc in the number of victims listed on ransomware Data Leak Sites, compared to the monthly average during the last 12 months, according to the latest report by Check Point Research (CPR). This decline, according to the researchers, is likely driven by continued global law enforcement efforts, a drop in victimsโ€™ willingness to pay, and strategic shifts by ransomware operators to reduce risk exposure.

As for public policy, more countries (including the UK) are increasing their restrictions on ransom payments, or looking to. Given the rising operational risk and shrinking profits, many ransomware operators are abandoning ransomware entirely or deliberately reducing their exposure, the research suggests. The researchers point to a growing number of smaller, often short-lived, ransomware entities; meanwhile, established players are competing to recruit these โ€œorphanedโ€ affiliates.

Ransomware groups are copying corporate branding and offering ‘white-labelled’ services, going as far as partnering with Ramp, an underground ransomware forum; and are exploring how AI can be used to enhance their operations, according to the study. More broadly speaking, the ransomware landscape is markedly shifting away from encryption to data theft and exposure as the primary means of extortion, it’s suggested. As for verticals, no single one stands out as specifically targeted; though the healthcare and medical sector continues to attract attention. More at the Check Point Software website.

Comment

Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, says: โ€œIn Q2 2025, we saw a clear shift in the ransomware landscape: fewer dominant RaaS groups, a drop in publicly listed victims, and more nuanced extortion tactics. As ransomware adapts to a fragmented ecosystem, we expect to see even more aggressive negotiation strategies and a growing reliance on AI to automate and enhance every stage of the attack process.โ€

You can read the full research report at: https://research.checkpoint.com/2025/the-state-of-ransomware-q2-2025/.

The US cyber firm Semperis in its latest report has found slight decreases year over year in companies paying ransoms. Still, most, 69 per cent of companies that were victimised by ransomware paid a ransom. UK government and public sector organisations are alarmingly more likely to pay: most, 83pc paid the ransom, ahead of the planned ransomware payment ban. Globally, 38pc of companies paid multiple ransoms and 11% of companies paid three times or more.

Former US National Cyber Director and Semperis Strategic Advisor Chris Inglis warns against complacency. he says: “True regret isnโ€™t knowing what you should have done; itโ€™s not having done what you knew was needed and had the means to do.โ€

Ransomware attacks according to Semperis continue to be highly coordinated, strategically timed and deeply embedded throughout systems before they are executed. This gives multiple attackers access to multiple operational systems โ€” so they can execute multiple strikes. Organisations must be on continual alert, always ready for the success of not one, but multiple breaches, the firm adds.

The findings indicate that ransomware attacks are frequent, with half of respondents citing cybersecurity threats as the top threat to business resilience. The top cybersecurity challenge facing organisations is the sophistication of attacks (37pc), while for 32pc it is attacks against organisationsโ€™ identity infrastructure, most commonly Active Directory. Nearly 20pc of companies that paid a ransom either received corrupt decryption keys that were unusable or the hackers still published stolen data after stating they would not.

Mickey Bresman, CEO of Semperis, said: โ€œPaying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that itโ€™s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivising them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom.โ€

Gen (whose brands include Norton and Avast) points to its help in taking down the first known ransomware developed using AI; malware encrypted data and demanded payment. Gen says its researchers worked with law enforcement to help victims recover their files without paying via a free decryptor released by Avast. FunkSec has since gone quiet. The firm reports also a surge in Tech Support Scams on Facebook.

Siggi Stefnisson, Cyber Safety CTO at Gen, said: โ€œCyber threats continue to be smarter, faster, and more personal. From AI-powered ransomware to fake online pharmacies, the risks are real โ€“ and increasingly difficult for people to spot. But with global cooperation, advanced detection, and a relentless commitment to developing products that stop the latest threats, we can stay one step ahead. While threats continue to evolve, so does our ability to fight them.โ€

Related News