The Ontinue threat intelligence report indicates that while ransom payments have decreased due to better law enforcement and organizational resilience, the threat remains aggressive. Attackers are increasingly using AI, trusted platforms, and legitimate software tools to breach defenses. Experts like Casey Ellis of Bugcrowd suggest that the ransomware business model is evolving, with a shift towards exfiltration-based extortion, where stolen data is used as leverage for ransom demands. The landscape is described as an arms race, with threat actors continually adapting to counter improved defenses.

Key takeaways:

- Ransomware attacks have surged by 132% into Q1 2025, despite a 35% drop in ransom payments.
- Social engineering using AI deception, such as deepfake phishing, has increased by 1,633% in Q1 2025 compared to the last quarter of 2024.
- Cybercriminals are adapting by using adversary-in-the-middle attacks and targeting operational technology environments more frequently.
- Ransomware payments are down due to increased law enforcement pressure and better international collaboration, but the threat landscape is becoming more aggressive with a shift toward exfiltration-based extortion.