Ransomware remains top threat to large and midsized businesses, most active groups are increasingly leveraging AI for low-effort, high-reward campaigns
SCHAFFHAUSEN, Switzerland, Aug. 20, 2025, a global leader in cybersecurityand data protection, today released the findings of the Acronis Cyberthreats Report H1 2025, detailing the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025. Ransomware remains the major threat for large and medium-sized businesses, with new groups increasingly leveraging AI to automate their activities - phishing accounted for 25% of all attacks and 52% of attacks targeting MSPs, a 22% increase compared to 1H 2024.
The biannual report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors on Windows endpoints from January through June 2025. Based on signals from over 1,000,000 unique endpoints distributed around the world, the report also incorporates statistics focused on threats targeting Windows operating systems, given their prevalence as compared to macOS and Linux.
"While the endgame for cybercriminals is still ransomware, how they get there is changing," said Gerald Beuchelt, CISO at Acronis. "Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. The result is that MSPs, manufacturers, ISPs, and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organizations' entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential."
Key Findings of the Acronis Cyberthreats Report H1 2025 include:
- Ransomware is Still Top-Dog: The number of publicly known ransomware victims increased nearly 70% over the measured time period, as compared to both 2023 and 2024. Cl0p, Akira, and Qlin are the most active ransomware gangs.
- AI Powering Surge in Social Engineering: Ransomware gangs are increasingly utilizing AI, and this is reflected in their chosen threat vectors - social engineering and BEC attacks increased from 20% to 25.6% in January 2025 through May 2025 compared to the same period in 2024, likely due to the growth in AI use for crafting convincing impersonations. Malware was discovered in 1.47% of Microsoft 365 email backups.
- MSPs Bombarded by Phishing and BEC Attacks: While the overall number of attacks targeting MSPs fell over the measured time period, the nature of attacks changed significantly; phishing accounted for 52% of all attacks targeting MSPs as compared to 30% in 2024, while Remote Desktop Protocol (RDP) attacks all but vanished.
- Not All Phishing Attacks are Created Equal: While phishing is the weapon of choice for attackers, they are increasingly focusing on collaboration apps, eschewing simple BEC campaigns. Almost 25% of the attacks in collaboration apps leveraged AI-generated deepfakes or automated exploits.
- Manufacturers in the Crosshairs: Manufacturing was ransomware gangs' most targeted industry, representing 15% of all recorded cases in Q1 2025. Retail, food and drink (12%) and telcos and media (10%) were also popular targets.
For more information, download a copy of the full Acronis H1 2025 Cyberthreats Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2025
To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2025-some-good-news-and-a-lot-of-bad-news
About Acronis:
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers.
Acronis Press Contact:
Julia Carfagno
Senior Global Communications Manager
Julia.Carfagno@acronis.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/a17f815d-bf72-4cc5-b532-0059ac5fa0d0
