Ransomware remains top threat to large and midsized businesses, most active groups are increasingly leveraging AI for low-effort, high-reward campaigns

SCHAFFHAUSEN, Switzerland, Aug. 20, 2025 (GLOBE NEWSWIRE) -- Acronis, a global leader in cybersecurity and data protection, today released the findings of the Acronis Cyberthreats Report H1 2025, detailing the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025. Ransomware remains the major threat for large and medium-sized businesses, with new groups increasingly leveraging AI to automate their activities – phishing accounted for 25% of all attacks and 52% of attacks targeting MSPs, a 22% increase compared to 1H 2024.

The biannual report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors on Windows endpoints from January through June 2025. Based on signals from over 1,000,000 unique endpoints distributed around the world, the report also incorporates statistics focused on threats targeting Windows operating systems, given their prevalence as compared to macOS and Linux.

“While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. The result is that MSPs, manufacturers, ISPs, and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organizations'entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”

Key Findings of the Acronis Cyberthreats Report H1 2025 include:

• Ransomware is Still Top-Dog: The number of publicly known ransomware victims increased nearly 70% over the measured time period, as compared to both 2023 and 2024. Cl0p, Akira, and Qlin are the most active ransomware gangs.
   
• AI Powering Surge in Social Engineering: Ransomware gangs are increasingly utilizing AI, and this is reflected in their chosen threat vectors - social engineering and BEC attacks increased from 20% to 25.6% in January 2025 through May 2025 compared to the same period in 2024, likely due to the growth in AI use for crafting convincing impersonations. Malware was discovered in 1.47% of Microsoft 365 email backups.
   
• MSPs Bombarded by Phishing and BEC Attacks: While the overall number of attacks targeting MSPs fell over the measured time period, the nature of attacks changed significantly; phishing accounted for 52% of all attacks targeting MSPs as compared to 30% in 2024, while Remote Desktop Protocol (RDP) attacks all but vanished.
   
• Not All Phishing Attacks are Created Equal: While phishing is the weapon of choice for attackers, they are increasingly focusing on collaboration apps, eschewing simple BEC campaigns. Almost 25% of the attacks in collaboration apps leveraged AI-generated deepfakes or automated exploits.
   
• Manufacturers in the Crosshairs: Manufacturing was ransomware gangs'most targeted industry, representing 15% of all recorded cases in Q1 2025. Retail, food and drink (12%) and telcos and media (10%) were also popular targets.

For more information, download a copy of the full Acronis H1 2025 Cyberthreats Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2025

To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2025-some-good-news-and-a-lot-of-bad-news

About Acronis: 
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments. 
 
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com. 

Acronis Press Contact: 
Julia Carfagno
Senior Global Communications Manager
Julia.Carfagno@acronis.com  

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/a17f815d-bf72-4cc5-b532-0059ac5fa0d0