New research finds dozens of new bad actors and growing unpredictability of attacks
BOSTON, May 13, 2025 /PRNewswire/ — Black Kite, the leader in third-party cyber risk intelligence, today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.
“Ransomware has evolved, not in sophistication but in strategy,” said Ferhat Dikbiyik, Black Kite. “Since the fall of LockBit and AlphaV ransomware syndicates, the cybercriminal landscape has been defined by chaos and recalibration, with dozens of new actors that are unpredictable in how, where, and why. We are entering a new era of ransomware where the growth in victim count signals more than just an activity surge. There is a deeper shift in how ransomware groups operate and who they target, with small and mid-sized businesses becoming the new frontline. As the barriers are now lowered with less sophisticated but effective actors entering the field, organizations need to understand their cyber ecosystem risk by shifting their cybersecurity posture from visibility to anticipation and response to resilience.”
Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.
Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.
