Ransomware Groups Multiply as Attack Surface Expands, Finds GuidePoint Security Report
By Ainvest
Thursday, July 10, 2025, 6:10 am ET (2 min read)
The number of active ransomware groups has increased by 45% year-over-year to 71 in Q2 2025, despite a 23% decline in ransomware victim numbers. Qilin was the most active threat group, with an 85% increase in activity. The manufacturing, technology, and legal industries were the most heavily impacted, with the US, Singapore, and Canada being the top three countries affected.
The second quarter of 2025 saw a significant increase in the number of active ransomware groups, according to the latest report from GuidePoint Security. The report, titled "Q2 2025 Ransomware & Cyber Threat Report," highlights a 45% year-over-year rise in active groups, climbing from 45 in Q2 2024 to 71 in Q2 2025 [1].
Despite this surge, the number of ransomware victims declined by 23% compared to the previous quarter. This indicates a shift in attacker strategies rather than a reduction in overall threat capacity. Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security, noted, "The quarterly slowdown in publicly reported ransomware incidents appears to stem from more temporary headwinds, such as seasonality, fragmentation, and strategic regrouping within the RaaS ecosystem" [1].
Qilin, the most active threat group of the quarter, experienced an 85% increase in activity. This group leveraged automation to identify and breach large numbers of unpatched systems at scale. Notably, 80% of Qilin's Q2 victims were based in the US, showing a dramatic geographic expansion [1].
The manufacturing, technology, and legal industries were the most heavily impacted, with the US, Singapore, and Canada being the top three countries affected. The healthcare sector, once a top target, dropped out of the top five most targeted industries for the first time since Q2 2022 [1].
Newer ransomware-as-a-service (RaaS) groups like Qilin, Akira, and DragonForce are rapidly scaling attacks using automation and mass vulnerability exploitation. These groups are replacing legacy operators like Cl0p and LockBit, which have lost momentum. For instance, Akira's victim count surged by 348% year-on-year, while DragonForce increased its activity by 119% in Q2 [2].
Vulnerabilities continue to drive ransomware at scale. Qilin exploited Fortinet vulnerabilities CVE-2024-55591 and CVE-2024-21762, while Akira targeted SonicWall and Cisco VPN vulnerabilities. Unpatched systems remain the single largest enabler of ransomware, with over 150,000 vulnerable Fortinet devices still exposed online one month after a patch was released [2].
The US remained the top ransomware target globally, accounting for 67% of all named victims in Q2. German organizations climbed to second place, likely due to the activity of SafePay, which increased its activity by 42% [2].
To defend against these evolving tactics, the report recommends a proactive, layered defense strategy. This includes asset discovery and patch management, strict credential controls, reducing remote monitoring and management (RMM) exposure, monitoring SSH activity, and deploying AI-powered anomaly detection [2].
In conclusion, the Q2 2025 ransomware landscape shows a significant increase in active groups despite a decline in victim numbers. The shift in tactics highlights the need for organizations to remain vigilant and adapt their defensive strategies to counter these evolving threats.
References:
[1] https://www.businesswire.com/news/home/20250710237056/en/Ransomware-Groups-Multiply-as-Attack-Surface-Rapidly-Expands-GuidePoint-Security-Finds
[2] https://www.digit.fyi/q2-ransomware-report/
