"The share of organizations affected by the persistent cyber threat has dropped across all regions. But, just as we were ready to uncork the champagne bottles, Kaspersky brings some harsh realities. Its annual report on ransomware threats shows attackers moving on to more sophisticated tactics, selling access, and fragmenting as a whole. Not too long ago, we could count the number of sizable ransomware groups on one hand. But whereas Conti, LockBit, Akira and others have at one point claimed a third of all such attacks, no collective has reached a "market share" of more than 10.98 percent across 2025."
"Notably, many notorious groups such as ShinyHunters or Scattered Spider have claimed headlines without deploying ransomware. It seems cybercrime and state actors have reached the conclusion that many will pay simply to keep personal and enterprise data private, without even needing to regain access. Alternative business models mature With the drop in ransomware victims, a similar drop in attacks ought to be expected. However, previous research showed that 2025 was actually a record year once again."
"NCC Group counted 7,900 incidents, 1,022 of which were inflicted by Qilin. Kaspersky now notes another dimension here, with new tactics added to attackers' playbooks. One such emergent tool is the EDR killer. "Deliberate and methodical intrusions" are thus increasing, Kaspersky notes. Other evasion tactics include BYOVD, or "Bring Your Own Vulnerable Driver", where attackers will patch systems to an exploitable state."
"This can of course be repelled by stricter policies around driver management, making high-privileged account compromises more valuable than ever. Speaking of account compromises, the already noted trend of threat actors selling on credentials is continuing. Access-as-a-Service is being "industrialized" by initial access brokers, Kaspersky says."
The share of organizations affected by ransomware has declined across regions, but attackers are adopting more sophisticated tactics. Large ransomware groups have lost dominance, with no collective reaching more than 10.98% market share across 2025. Some notorious groups have generated headlines without deploying ransomware, suggesting attackers may rely on data privacy leverage rather than full encryption. Despite fewer victims, incident counts remain high, including many attributed to Qilin. New tactics include EDR-killing behavior and BYOVD, where systems are patched into exploitable states. Credential selling continues through industrialized Access-as-a-Service offered by initial access brokers, increasing the value of high-privileged account compromise.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]