2025 - Overview of Ransomware Trends

The 2025 Semperis Ransomware Risk Report reveals a modest decline in ransomware attack frequency and success rates globally. However, the overall threat landscape remains severe, with 78% of surveyed organisations targeted in the past year.

While fewer attacks succeeded compared to 2024, 73% of victims experienced multiple incidents, and 55% of those who paid ransoms did so more than once.
 

Despite these slight improvements, the report warns against complacency. Cyberattacks continue to be the leading threat to business resilience, with increasing sophistication, identity infrastructure compromise, and legacy system vulnerabilities topping the list of concerns.
 
Ransom Payments & Business Disruption
 
Although ransom payments declined slightly worldwide (69% of victims paid), the United States saw an increase, with 81% of organisations paying. Alarmingly, 15% of victims did not receive usable decryption keys, and 3% found their stolen data published or misused.
 
Business disruptions remain widespread and costly. Half of the organisations that paid ransoms lost between $500,000 and $1 million annually, while 8% lost over $1 million. Collateral damage included job losses, data breaches, and increased cyber insurance premiums or cancellations. Recovery times worsened, with only 23% of organisations resuming operations within a day, down from 39% the previous year.

Identity Infrastructure: A Critical Vulnerability

Identity systems such as Active Directory (AD), Entra ID, and Okta were compromised in 83% of attacks. These systems are central to organisational operations, and their compromise allows attackers to escalate privileges and move laterally within networks.
 
Despite widespread adoption of Identity Threat Detection and Response (ITDR) strategies (90%), only 66% of organisations include AD recovery in their disaster recovery plans, and just 60% maintain dedicated AD-specific backup systems. This gap presents a significant opportunity for attackers.
 
Experts stress the importance of restoring identity systems to a trustworthy state as a foundation for broader recovery efforts. Without this, organisations cannot regain access to other critical resources.

Expert Recommendations For Resilience

The report outlines four key strategies for improving ransomware resilience:  

  • Prepare for Evolving Tactics: Attackers are increasingly using threats beyond data destruction, including regulatory complaints and physical intimidation. The rise of generative AI has lowered the barrier to entry for cybercriminals, enabling rapid development of sophisticated attack tools. Organisations must implement automated defence and recovery solutions powered by AI and machine learning to detect and respond to threats more effectively.

  • Strengthen IAM Infrastructure: Identity and Access Management (IAM) systems are the primary target for attackers. Organisations should adopt a granular approach to governance, detection, and recovery. Key questions include:
    - Can hybrid AD environments be quickly assessed for compromise?
    - Is there a reliable plan to recover AD and Entra ID?
    - Can IAM systems be restored to a trustworthy state?

  • Train and Test Response Plans: Effective crisis response requires well-documented, rehearsed procedures. Regular training exercises involving all levels of staff—from executives to technical teams—are essential. These should simulate real-world attack scenarios to ensure preparedness.
  • Assess Third-Party Risks: Supply chain vulnerabilities pose a significant threat. Organisations must evaluate the cybersecurity posture of partners, vendors, and consultants with access to sensitive systems. Regulatory frameworks like the EU’s Digital Operational Resilience Act (DORA) mandate such assessments in certain sectors.

Regional & Sector Insights 

The report includes detailed breakdowns by country and industry. Key findings include:

  • Germany reported the highest attack rate (90%), with a significant increase from 2024.
  • IT/Telecom and Manufacturing/Utilities sectors were most frequently targeted.
  • UK organisations saw a 28-point drop in same-day recovery rates.
  • Healthcare and Government sectors experienced the longest recovery times.
  • Singapore and Australia/New Zealand had high ransom payment rates (85% and 80%, respectively).

Building A Culture of Resilience

While the report offers cautious optimism, it underscores the need for continuous investment in cybersecurity across people, processes, and technology. Organisations must adopt a proactive, organisation-wide culture of resilience to counter the evolving ransomware threat.
 
As Semperis CEO Mickey Bresman notes, “Paying ransoms should never be the default option. The only real way to break the ransomware scourge is to invest in resilience.”
