Ransomware is still on the rise: 2024 was already a record year for blackmailers, 2025 is unlikely to get any better. How do security experts assess the current threat situation on the Internet? We reviewed current reports and compiled the results.
IT security is continuously evolving due to the rapid advancement of digital technologies and the growing interconnectedness of networks. As a result, the threat landscape has changed significantly in recent years. Cybercriminals are employing increasingly sophisticated techniques to identify and exploit vulnerabilities, prompting companies and organizations to consistently adapt their defense strategies.
In light of recent developments, trends in IT security are becoming increasingly important. These trends not only tackle current challenges but also present proactive strategies to protect sensitive data and systems. How do IT security manufacturers and experts view the current and future landscape for 2025? Which cyber threats have been particularly prominent in recent months? And what potential developments could the coming year bring?
IT security providers have reported a continued rise in ransomware attacks across the board. For instance, Swiss security firm Acronis noted a 32% increase in ransomware detections from the fourth quarter of 2023 to the first quarter of 2024. The company considers ransomware to be a "significant threat to small and medium-sized enterprises (SMEs), particularly in critical sectors such as government and healthcare."
American telecommunications provider Verizon also reports in its "2024 Data Breach Investigations Report" on the increasing risk of ransomware attacks. Ransomware or another form of blackmail is now involved in about a third of all successful attacks on companies. Around 92% of all industries are at risk or have already been victims of ransomware attacks.
In 2024, a ransom payment of approximately $75 million was made to the ransomware group known as Dark Angels. This amount is nearly double the highest ransom payment previously recorded. Security experts believe that the success of this group will likely lead to more imitators employing similar tactics. As a result, businesses should focus on enhancing their defenses against increasingly expensive ransomware attacks.
According to Verizon, on average, blackmailers demand a ransom that corresponds to approximately 1.34% of a company's annual revenue. In 80% of the cases examined, ransom demands fall between 0.13% and 8.30% of annual sales. The average ransom request is $46,000. Verizon's report is based on investigations conducted by the FBI.
In 2022, the number of global ransomware attacks decreased for the first time in five years. However, in 2023, the security provider Advens reported a 12% increase in blackmail attacks compared to the previous year. In a global context, German companies ranked as the fourth most targeted by ransomware, according to Advens's annual Threat Status Report.
In Germany, mechanical engineering companies were the most frequently targeted by cyberattacks, followed by the construction industry, the automotive industry, and electronics manufacturing. On average, it took three to four weeks for a company that had been attacked by ransomware to resume normal operations. Advens also examined how cybercriminals develop their toolkits. In 2019, it took an average of two months to code new ransomware. By 2023, this timeframe had decreased significantly to just four days.
The simplest methods of attack are also the most common. Advens highlights phishing, compromising third-party services, exploiting existing vulnerabilities, and DDoS attacks. They observed that many attackers act opportunistically and focus on significant risk vulnerabilities.
Verizon also looked into how gangs are refining their attacks. Cybercriminals increasingly use stolen data to apply pressure on unwilling victims. For instance, they may threaten to inform the customers of targeted companies about a data breach if the companies refuse to pay the demanded ransom initially.
Other forms of pressure may involve disclosing personal contact details or publishing information about the family members of company directors or business owners. Additionally, the threat to report potential illegal business activities discovered in the stolen data can also be a factor.
Even extraordinary measures are not beyond the perpetrators. In a case reported in 2024, attackers allegedly defaced a business owner's photo by adding devil's horns and published it online along with the owner's social security number. Sometimes, blackmailers also slander their victims by labeling them as "irresponsible and negligent" or pressure them to sue their employer for supposed negligence. Others attempt to manipulate the media for their own purposes, which adds to the pressure on the victims.
Both ransomware attacks on companies and the overall number of cyber-attacks have been on the rise recently. As a result, for the first time, the Global Risks Report from the World Economic Forum (WEF) has ranked cybersecurity as the eighth greatest threat to humanity over the next decade. In fact, IT risks are projected to be the fourth biggest concern in the next two years. According to a survey conducted by the WEF, 39% of participants consider cyber-attacks to be one of the most significant risks.
Due to the global rise in cyber-attacks, particularly ransomware incidents, and the anticipated impact of artificial intelligence (AI) on the threat landscape, it is essential to develop a strong cybersecurity framework. Companies need to prioritize IT security and create customized strategies to effectively address the ever-evolving threats they face. This proactive approach is crucial for better protection against the relentless tide of cyber threats. It’s time to take action before the next wave of attacks occurs.
Companies can address the growing security demands by utilizing the latest network technologies. Solutions such as Secure Access Service Edge (SASE), Zero Trust, Software-Defined Wide Area Network (SD-WAN), and Security Service Edge (SSE) are essential components of modern IT security strategies. We explain how these technologies integrate with NCP's solutions to enhance your IT security. Learn more now:
You might also be interested in:
NCP Talk with Chiara - Trainee in human resource management
Tell us a little about yourself: My name is Chiara, and I have been working as a trainee in human resource management alongside our management team since October 2022. Participating in this cooperative program allows me to apply the theoretical concepts from my university ...
Secure remote access to cloud applications
Today, it's uncommon to find a company not using the cloud, but how can we ensure the security of these diverse environments? VPNs provide the best solution for secure remote access.
Network segmentation: How secure zones protect your IT
Network segmentation stops hackers, protects critical data, and simplifies compliance. Learn more about how to divide your network into secure zones.
What are the key differences between SASE and SSE?
SASE combines network and security in the cloud, SSE focuses on security components. Which approach is right for your business?
![[Translate to Englisch:]](/fileadmin/user_upload/NCP_Blog/2025/Netzwerk_Segmente.jpg "[Translate to Englisch:]")
