Ransomware Attacks Are On the Rise: The AI-Powered Threat We Can't Ignore

The last quarter of 2024 saw a massive surge in ransomware attacks, with a whopping 132% increase in Q1 2025. This upward trend is attributed to the evolving nature of ransomware and the ever-growing arsenal of tools available to attackers.

AI-Driven Social Engineering: A New Era of Phishing

A recent threat intelligence report from Ontinue revealed that social engineering using AI deception, commonly known as deepfake phishing or vishing, has increased by a staggering 1,633% in Q1 2025 compared to the last quarter of 2024. This represents a clear shift towards more sophisticated and effective tactics used by ransomware attackers.

Deepfakes are being used to deceive employees into divulging sensitive information or clicking on malicious links, ultimately gaining unauthorized access to networks and systems. The use of AI-powered social engineering attacks has made it increasingly difficult for organizations to distinguish between genuine and phishing emails.

Bypassing 2FA: A Growing Concern for Organizations

Ransomware attackers are also exploiting operational technology (OT) environments with greater frequency, making it easier for them to gain access to systems without having to worry about annoying 2FA codes. This represents a significant threat to organizations that have long relied on traditional security measures.

Reducing Ransomware Payments: A Positive Trend

The amount being paid in ransom demands has fallen by over 35% in Q1 2025, a clear indication that law enforcement pressure, international collaboration, and organizational refusal to pay are making a dent in the ransomware threat. This trend is attributed to organizations strengthening their security posture to avoid paying ransoms.

"The combination of increased law enforcement pressure, better international collaboration, and organizations refusing to pay are clearly making a dent," said Casey Ellis, founder at Bugcrowd. "It's also a testament to the pay or don't pay debate evolving into 'a broader conversation about resilience and deterrence.'"

A Changing Threat Landscape: Adapting to Evasion Tactics

Ransomware groups are rapidly adapting to new security measures, including through the use of 2FA bypass attacks. Their tactics include interacting with IT teams to elicit information that improves access, SaaS-based attacks, and even studying file-transfer technology for rapid exploitation and double extortion methods.

"The ransomware business model is an arms race," warned Nathaniel Jones, vice president of threat research at Darktrace. "Threat actors are nothing if not adaptable." Jones emphasized the importance of prioritizing vulnerability management programs to prevent unauthorized access and establish possible attack paths across estates.

A Warning from the Experts: Prioritize Vulnerability Management

With attackers leveraging AI, trusted platforms, and legitimate software tools to breach defenses and exploit vulnerabilities, it's imperative for organizations to take proactive measures to protect themselves. As Jones concluded, "Rather than relying solely on encrypting a target’s data for ransom, threat actors will increasingly employ double or even triple extortion strategies, encrypting sensitive data but also threatening to leak or sell stolen data unless their ransom demands are met."

Don't wait until it's too late; prioritize your vulnerability management program and identify possible attack paths across your estate to prevent unauthorized access. The stakes have never been higher.

The Pay or Don't Pay Debate: Evolving into a Broader Conversation

As the ransomware threat landscape continues to evolve, it's essential for organizations to recognize that paying ransoms is no longer the best option. The pay or don't pay debate has become a broader conversation about resilience and deterrence.

"We've already seen a shift toward exfiltration-based extortion," warned Ellis. "Stolen data and threatened leaks are becoming increasingly common tactics used by ransomware attackers." It's time for organizations to rethink their approach and prioritize resilience over paying ransoms.