Akamai Ransomware Report 2025

Keypoints

• The report typically begins with an introduction describing the ransomware landscape and evolving threats, followed by key insights, detailed sections on attack patterns, extortion tactics, RaaS ecosystem, industry trends, impacts on operational continuity, mitigation strategies, and concludes with methodology and credits.
• Key statistics reveal a 37% increase in ransomware in 2024, with ransomware responsible for 44% of global data breaches, particularly impacting APAC (51%) and EMEA (27%) regions.
• Generative AI and large language models are being leveraged by groups like FunkSec to develop ransomware code, launch social engineering and phishing campaigns, and automate negotiations, increasing attack scalability and sophistication.
• Extortion tactics have evolved from single to quadruple extortion, combining encryption, data theft, DDoS threats, and regulatory compliance weaponization to maximize pressure and ransom payouts.
• The emergence of ransomware hacktivist groups—such as Head Mare, Twelve, NullBulge, CyberVolk, Stormous, KillSec, Dragon RaaS, and DragonForce—blurs lines between financial crime and ideological attacks, often leveraging RaaS platforms.
• Regulatory compliance is increasingly used as an extortion tool, with groups like Anubis, RansomHub, WereWolves, and ALPHV/BlackCat threatening victims with legal penalties under laws like GDPR, HIPAA, and SEC regulations to increase ransom demands.
• Ransomware-as-a-Service (RaaS) ecosystems involve developers, affiliates, and initial access brokers, making ransomware operations more accessible and scalable; notable groups include RansomHub, CL0P, FunkSec, and LockBit 3.0.
• RansomHub utilizes double extortion and evasion tools to target healthcare, education, and public sectors, while CL0P exploits zero-day vulnerabilities for high-value targets and employs triple to quadruple extortion methods.
• FunkSec uniquely incorporates AI-generated ransomware and auction platforms for stolen data, signaling a shift toward AI-powered ransomware operations and recruitment of less skilled threat actors.
• Regional ransomware activity is prominent globally, with APAC, EMEA, and LATAM facing significant threats from both established and emerging ransomware groups, each exploiting local regulatory environments and organizational vulnerabilities.
• Collaborative efforts among law enforcement, cybersecurity providers, and public-private partnerships are key to mitigating the impact of ransomware, including FBI decryption efforts and cyber insurance incentives.