Latest news with #CaseyEllis

Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame
Forbes

25-03-2025

Ransomware attacks up, ransoms paid down.

If you need proof that the ransomware threat is not dead in the security threat water, look no further than the latest FBI warning about the Medusa ransomware-as-a-service attacks. Ransomware is not only alive and well but also rapidly evolving. I have reported how one criminal group, Black Basta, was found to be using sophisticated tools to brute-force VPN and firewall passwords, and stolen passwords are increasingly driving attacks. The good news is that enterprise defenses are improving, and the amount being paid in ransom demands to these criminal gangs is falling fast. The bad news is that the same threat intel report also revealed that the fast-evolving ransomware landscape has led to a massive surge in attacks. Here's what you need to know.

What if I were to tell you that social engineering using AI deception, commonly known as deepfake phishing or in some quarters as vishing, has increased by an incredible 1,633% in quarter one of 2025 compared to the last quarter of 2024? What's that got to do with ransomware? Apart from the fact that it is used as one of the most common methods of gaining initial access to your networks, nothing. Can you taste the sarcasm from my keyboard?

Ransomware attacks surged 132% despite a 35% drop in payments. With less ransom being paid out, cybercriminals are shifting their strategies to compensate for the growing number of organizations that have strengthened their security posture to avoid having to pay ransom.

OK, let's change tack. What if I were to tell you that adversary-in-the-middle attacks are also increasing with alarming velocity? You know, those clever hacking tactics used to steal session cookies and, by so doing, enable ransomware attackers to access your accounts at leisure without having to worry about annoying 2FA codes. Maybe if I mentioned the exploitation of operational technology environments, I would be speaking your language. Ransomware attackers are targeting OT devices with greater frequency.

Now, what if it wasn't me telling you this but the threat intelligence experts at Ontinue? The March 25 threat intelligence report from Ontinue revealed all these things and more. 'The cyber threat landscape isn't just evolving,' it said, 'it's becoming more aggressive.' With attackers leveraging AI, trusted platforms and legitimate software tools to breach defenses and exploit vulnerabilities, this is no time to be sitting back and thinking the threat is over.

One of the interesting trends to come out of the Ontinue report was the fact that the amount of money being made by attackers through ransom payments is down a little over a third. Casey Ellis, founder at Bugcrowd, thinks this is fascinating but not surprising. 'The combination of increased law enforcement pressure, better international collaboration, and organizations refusing to pay are clearly making a dent,' Ellis said. It's also a testament to the pay or don't pay debate evolving into 'a broader conversation about resilience and deterrence,' Ellis continued.

The real question, though, is will the downward dip continue? Ellis isn't convinced. 'The ransomware business model is an arms race, and threat actors are nothing if not adaptable,' Ellis concluded. 'We've already seen a shift toward exfiltration-based extortion, stealing data and threatening to leak it if the ransom isn't paid.'