Latest news with #CovewarebyVeeam
Techday NZ
a day ago
- Business
- Techday NZ
Ransom payments surge to USD $1.13 million as data theft rises
Coveware by Veeam has released its Q2 2025 ransomware report, indicating significant increases in both the frequency and financial impact of targeted social engineering attacks, particularly those involving data exfiltration. The report highlights that average and median ransom payments rose sharply during the second quarter. The average ransom reached USD $1.13 million, a 104% increase from Q1 2025, while the median doubled to USD $400,000. This escalation follows a pattern of more significant demands after incidents in which data is stolen rather than systems encrypted. Social engineering threats According to Coveware by Veeam, three major ransomware groups - Scattered Spider, Silent Ransom, and Shiny Hunters - dominated activity in Q2. These offenders shifted away from broad, opportunistic attacks to highly targeted campaigns, employing sophisticated impersonation techniques. The tactics included posing as employees or service providers to breach help desks and exploit internal processes. "The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook," said Bill Siegel, CEO of Coveware by Veeam. "Attackers aren't just after your backups – they're after your people, your processes, and your data's reputation. Organisations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought," Data exfiltration on the rise The report found that data theft is now prioritised over encryption in extortion efforts. Exfiltration was involved in 74% of ransomware cases handled by Coveware in Q2. Attackers increasingly rely on multi-extortion tactics and are known to issue delayed threats, prolonging risks to targeted organisations long after the initial breach is detected and contained. Targeted sectors and company sizes Analysis of the case data indicates that the professional services, healthcare, and consumer services sectors accounted for the highest proportion of incidents, comprising 19.7%, 13.7%, and 13.7% of attacks, respectively. Mid-sized enterprises, defined as those employing between 11 and 1,000 people, represented 64% of victim organisations. The report notes that attackers view such companies as offering the best balance between substantial ransom payout potential and relatively less developed cyber defences. Attack methods and vulnerabilities Credential compromise, phishing emails, and exploitation of internet-facing services remain the principal means of obtaining initial access to victim networks. The report also points to increased exploitation of vulnerabilities in well-known platforms including Ivanti, Fortinet, and VMware. Simultaneously, there has been a rise in attacks by so-called "lone wolf" perpetrators. These individuals are described as seasoned extortionists who use generic toolkits, but without clear branding or affiliation to known ransomware groups. The top ransomware variants in Q2 were named as Akira (19%), Qilin (13%), and Lone Wolf (9%). For the first time, Silent Ransom and Shiny Hunters also appeared within the top five variants monitored. Ransom payment dynamics The report attributes the dramatic increase in payment values largely to larger organisations choosing to pay ransoms following theft of sensitive data. This occurred even as the overall percentage of organisations agreeing to pay ransoms remained steady at 26%. Coveware by Veeam reports that its findings are based on proprietary data collected during incident response engagements, rather than external or third-party sources. The company utilises forensic tools and detailed documentation of threat actor behaviour to generate its quarterly insights. These reports are intended to offer actionable guidance on ongoing trends and new tactics, techniques, and procedures emerging within the ransomware landscape. Through real-time analysis, Coveware by Veeam has identified patterns that inform recommendations for enhancing organisational defences, such as improved employee training, more rigorous identity management protocols, and preparedness for incidents focused purely on data theft.
Business Wire
3 days ago
- Business
- Business Wire
Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts
SEATTLE--(BUSINESS WIRE)-- Coveware by Veeam ®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation in targeted social engineering attacks and a surge in ransom payments driven by sophisticated data exfiltration tactics. 'The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,' said Bill Siegel, CEO of Coveware by Veeam. 'The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,' said Bill Siegel, CEO of Coveware by Veeam. 'Attackers aren't just after your backups – they're after your people, your processes, and your data's reputation. Organizations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought.' Key Q2 2025 findings from Coveware by Veeam include: Social Engineering Drives the Biggest Threats: Three major ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated the quarter, each leveraging highly targeted social engineering to breach organizations across sectors. These groups abandoned mass opportunistic attacks for precision strikes, using novel impersonation tactics against help desks, employees, and third-party service providers. Ransom Payments Soar to New Highs: Both the average and median ransom payments rocketed to $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), respectively. This spike is attributed to larger organizations paying out after data exfiltration-only incidents, even as the overall rate of organizations paying ransoms held steady at 26%. Data Theft Overtakes Encryption as Primary Extortion Method: Exfiltration was a factor in 74% of all cases, with many campaigns now prioritizing data theft over traditional system encryption. Multi-extortion tactics and delayed threats are on the rise, keeping organizations in the crosshairs long after an initial breach. Professional Services, Healthcare, and Consumer Services Hit Hardest: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11 – 1,000 employees) comprised 64% of victims, a sweet spot for attackers balancing payout potential against less mature defenses. Attack Techniques Evolve, Human Factor Remains Key Vulnerability: Credential compromise, phishing, and exploitation of remote services continue to dominate initial access, with attackers increasingly bypassing technical controls via social engineering. Groups regularly exploit vulnerabilities in widely-used platforms (Ivanti, Fortinet, VMware), and 'lone wolf' attacks by seasoned extortionists using generic, unbranded toolkits are on the rise. New Entrants Reshape Ransomware Rankings: Q2's top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%), while Silent Ransom and Shiny Hunters entered the top five for the first time. Coveware by Veeam has helped thousands of cyber extortion victims and developed industry leading software and services that enable rapid forensic triage, extortion negotiation and remediation, cryptocurrency settlements and decryption services with a singular goal and outcome - data recovery from ransomware attacks. Through these incidents, Coveware by Veeam has gathered data and insights on threat actor patterns that provide an unrivaled view of the current threat landscape. These valuable findings are shared with customers to help educate and reduce risks, improve security posture, and ensure rapid recovery. Select Coveware by Veeam capabilities are incorporated into Veeam offerings including Veeam Data Platform and the Veeam Cyber Secure Program, delivering the insights and capabilities to a broader set of customers. Coveware by Veeam's quarterly report is based on firsthand data, expert insights and analysis from the ransomware and cyber extortion cases that they manage each quarter. By utilizing real-time incident response, proprietary forensic tools (including Recon Scanner), and comprehensive documentation of threat actor behavior, attack vectors, and negotiation outcomes, Coveware by Veeam delivers unparalleled visibility into the threat landscape. By aggregating and analyzing case-specific data – rather than relying on third-party sources – Coveware by Veeam is able to identify emerging trends, track tactics, techniques, and procedures (TTPs), and provide actionable, experience-based intelligence on the rapidly evolving ransomware landscape. To learn more on this latest report from Coveware by Veeam, read the blog post. For more information on Veeam, visit About Veeam Software Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it. Veeam calls this radical resilience, and we're obsessed with creating innovative ways to help our customers achieve it. Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. Radical resilience starts with Veeam. Learn more at or follow Veeam on LinkedIn @veeam-software and X @veeam. Frequently Asked Questions: What are the biggest ransomware threats facing organizations in 2025? According to the latest report from Coveware and Veeam, the main threats are targeted social engineering attacks and data exfiltration, led by groups like Scattered Spider, Silent Ransom, and Shiny Hunters. Which industries and company sizes are most impacted by ransomware attacks? The latest report from Coveware and Veeam found professional services, healthcare, and consumer services firms are most targeted. Mid-sized companies (11–1,000 employees) make up 64% of victims due to less mature defenses. How have ransomware techniques evolved in 2025? The latest report from Coveware and Veeam found that attackers now focus on credential compromise, phishing, and exploiting remote services. Social engineering is a key weakness, and there's a rise in 'lone wolf' attacks using generic toolkits and vulnerabilities in platforms like Ivanti, Fortinet, and VMware. How can organizations strengthen their defenses against ransomware? Coveware by Veeam advises boosting employee security awareness, hardening identity controls, and urgently addressing data exfiltration risks. Using Veeam's resilience and recovery solutions helps reduce risk and maintain business continuity.
