Ransomware surge sees hackers demand up to USD $8.6 million

Techday NZ

13-05-2025

On International Anti-Ransomware Day, cybersecurity experts are warning that ransomware threats continue to surge in scale and sophistication, with attacks increasingly targeting cloud infrastructure and exploiting human vulnerabilities rather than solely compromising computers and networks through traditional malware.
The 12th of May marks the anniversary of the 2017 WannaCry attack that paralysed critical services worldwide, notably disrupting the National Health Service in the United Kingdom. Since then, ransomware has become a household term—albeit one still shrouded in technical complexity for many. Rebecca Moody, Head of Data Research at Comparitech, reflected on the shift, stating, "In 2017, ransomware, to many people, was still a huge unknown. Fast-forward to today, and it's a word within a lot of people's vocabulary—even if they don't understand the technical jargon surrounding it. This is because of large-scale attacks like WannaCry and the current attack on Marks and Spencer, bringing these types of attacks to the forefront."
Moody revealed that ransomware attacks have not subsided. "Sadly, however, while awareness around these types of attacks has grown, so too has the number of attacks. Since 2018, we've seen yearly increases in the number of ransomware attacks (except for a dip in 2022), and the amount of data involved in these attacks has also risen exponentially." Hackers have honed their focus on double-extortion tactics, whereby criminals not only encrypt systems for ransom but also steal sensitive data for additional leverage.
According to Comparitech's analysis, the UK has suffered 281 confirmed ransomware attacks since 2018, resulting in the breach of over 3.3 million records. Recent average ransom demands have reached nearly USD $8.6 million (GBP £6.5 million). For 2024 alone, there have been 40 attacks, affecting nearly 1.2 million records, with 12 attacks already reported so far this year. Moody noted that while no breaches have yet been reported for this year's attacks, significant numbers may emerge as incidents involving major companies such as Marks and Spencer and Co-op are investigated.
"As we've seen with Harrods, Co-op, and M&S, social engineering tactics were used to carry out these attacks, whereby employees were tricked into changing their passwords," Moody added. She underscored that despite the evolving threat landscape, the fundamentals for defending against ransomware remain unchanged: maintaining up-to-date systems, patching vulnerabilities promptly, regular backups, robust incident response planning, and comprehensive staff training.
This year, attention is also focusing on the rise of identity and cloud-driven attacks. Fabio Fratucello, Field CTO at CrowdStrike, explained: "Ransomware remains one of the most persistent and damaging threats facing organisations today. It has evolved far beyond being just an endpoint issue—it's now a challenge rooted in identity, cloud infrastructure and data security."
Fratucello cited data from CrowdStrike's 2025 Global Threat Report, noting, "79% of initial access attacks are now malware-free and access broker activity has surged by 50% year over year. This shows a clear pivot towards stealth and credential-based attacks, making traditional defences obsolete." He advocated for unified, AI-driven platforms that deliver protection and visibility across endpoints, identities, and the cloud, arguing that legacy, fragmented tools are no longer sufficient. "In today's threat landscape, visibility is protection. And protection must start with consolidation," Fratucello asserted.
Looking ahead, the interplay of artificial intelligence and cybercrime is poised to be the next frontier. KnowBe4, a prominent security company, predicts that agentic AI ransomware—autonomous, intelligent bots orchestrating attacks—will soon pose an unprecedented threat. Roger Grimes, KnowBe4's data-driven defense evangelist, commented: "AI agentic ransomware will gain initial access, analyse the environment, determine how to maximise malicious hacker profits, and implement the attacks. And it will not be just one attack, but a series of escalating attacks to maximise a malicious hacker's profit."
Ransomware payments escalated over the past year, with average amounts climbing to USD $2.73 million, according to KnowBe4. Grimes highlighted that malicious actors typically adopt innovations six to twelve months after they are developed by legitimate cybersecurity researchers. He urged organisations to leverage AI and advanced defences now to prepare for the threats on the horizon.
As cybercriminals continue to refine their tactics and exploit both technology and human factors, experts unanimously stress the enduring importance of proactive security practices. Regular training, technological consolidation, and continual vigilance remain the cornerstones of effective cyber defence against one of the digital age's most formidable adversaries.