Ransomware at record levels

Ransomware attacks are running at record levels, with ESET saying the number of publicly listed victims jumped about 50% from a year earlier. (eset.com) Ransomware is malicious software that locks files or steals data and then demands payment to restore access or keep the data private. ESET said its leak-site analysis showed a steep 50% year-over-year increase in attacks, while its H2 2025 threat report said 2025 victim totals had already exceeded 2024 by more than 1,700 cases by the end of November. (eset.com) Those counts come from criminal groups’ own leak sites, which are public shaming pages used to pressure victims into paying. GuidePoint Security said Q1 2025 was the busiest quarter on record for victims posted to those sites, but it also warned that leak-site totals are imperfect because some victims are never posted and some claims are exaggerated or duplicated. (guidepointsecurity.com) The rise has come even after major law-enforcement disruptions aimed at big ransomware brands. ESET said the first half of 2025 still saw growing attack volume and a growing number of active gangs, with infostealers, phishing, and the fast-rising ClickFix social-engineering trick feeding more intrusions. (web-assets.esetstatic.com) ClickFix works like a fake repair prompt: a victim is shown a bogus error and tricked into running commands that actually infect the machine. ESET said that technique rose more than 500% versus the previous half year and became its second most common attack vector after phishing. (web-assets.esetstatic.com) Another shift is that attackers are spending more effort on blinding security tools before they encrypt anything. ESET said groups including Akira, Qilin and Warlock have been using “Endpoint Detection and Response killers,” tools that shut down endpoint defenses right before the lock-and-extort phase. (eset.com) Broader breach data points in the same direction. Verizon said ransomware appeared in 44% of the breaches it reviewed in its 2025 Data Breach Investigations Report, up from 32% a year earlier, and said 88% of breached small and medium-sized businesses had ransomware in their systems. (verizon.com) The money picture is moving differently from the attack picture. Chainalysis said ransomware payments in 2024 fell 35.82% year over year to about $813.55 million even as incident volume stayed high, showing that more attacks do not automatically mean more successful payouts. (chainalysis.com) Victims are also getting hit in more than one way. Sophos said its 2025 survey of 3,400 information-technology and cybersecurity leaders across 17 countries found that 50% of ransomware incidents ended with data encryption, the lowest rate in six years, as more attackers leaned on data theft and extortion even when encryption failed. (sophos.com) That leaves companies defending against a crime model that is getting cheaper to launch, harder to track, and less dependent on a single tactic. The latest reports from ESET, Verizon, GuidePoint and Sophos all describe the same pattern: more victims, more criminal groups, and more pressure on businesses before, during and after an intrusion. (eset.com)