Data exfiltration pushes ransomware payouts past USD $1 million

Coveware by Veeam has published its Q2 2025 ransomware report, detailing a sharp rise in targeted social engineering attacks and a significant increase in ransom payments, with data exfiltration-led extortion playing a central role.

Data exfiltration drives ransom surge

The report reveals that both average and median ransom payments have risen markedly over the last quarter, with the average payout exceeding USD $1 million. The average ransom climbed 104% from the previous quarter to USD $1.13 million, while the median doubled to USD $400,000. The increase is driven by larger organisations opting to pay ransoms after experiencing data exfiltration-only incidents. Despite the jump in payout amounts, the proportion of organisations paying ransoms remained constant at 26%.

Executive analysis suggests the ransomware landscape has entered a new phase, with a marked shift in attacker tactics. Bill Siegel, Chief Executive Officer of Coveware by Veeam, commented,

“The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook. Attackers aren’t just after your backups – they’re after your people, your processes, and your data’s reputation. Organisations must prioritise employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought.”

Shifting attack methods

Coveware by Veeam’s research shows that three primary ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated during the quarter, abandoning mass opportunistic attacks in favour of precision targeting. These groups leveraged sophisticated impersonation tactics, often aimed at help desks, employees, and third-party providers, to circumvent technical safeguards and gain access to systems.

The report notes that data theft has emerged as the primary method of extortion, overtaking traditional system encryption. Data exfiltration factored into 74% of all cases studied, with threat actors focusing on stealing and threatening to release sensitive information instead of encrypting files. There has also been an increase in multi-extortion tactics, such as follow-up ransom demands long after the initial breach, keeping organisations at risk over a protracted period.

Industry and victim profiles

Professional services, healthcare, and consumer services bore the largest share of attacks in Q2 2025, with professional services accounting for 19.7%, and healthcare and consumer services each comprising 13.7% of total victims. Mid-sized organisations with 11–1,000 employees were most frequently targeted, constituting 64% of all cases. The report suggests this group presents an attractive target for attackers, as it balances greater payout potential with generally lower cyber defence maturity.

Human factor remains critical vulnerability

The analysis reiterates that the human element remains a central vulnerability, as attackers increasingly rely on credential compromise, phishing, and remote service exploitation for initial access. Social engineering techniques were frequently employed to bypass technical security controls, and vulnerabilities in commonly used platforms – including Ivanti, Fortinet, and VMware – were exploited to facilitate unauthorised access. A notable trend is the rise in “lone wolf” attacks by experienced extortionists utilising generic, unbranded hacking toolkits.

In terms of specific ransomware variants, the report lists Akira (19%), Qilin (13%), and Lone Wolf (9%) as the most prevalent in Q2. Silent Ransom and Shiny Hunters also reached the top five for the first time, reflecting a dynamic threat landscape with new entrants reshaping rankings.

Recommendations and outlook

Coveware by Veeam’s findings are based on direct involvement in incident response, employing proprietary forensic tools, and systematically documenting threat actor behaviour and outcomes. By doing so, they assess evolving trends in attack methods and provide insights for improving defensive measures.

According to Coveware by Veeam, the most significant threats currently facing organisations are targeted social engineering attacks and data exfiltration. Industries such as professional services, healthcare, and consumer services are most affected, particularly amongst mid-sized firms.

The report outlines that, in 2025, attackers are focusing on credential compromise, phishing, and the exploitation of remote services, generally circumventing technical controls via social engineering. It also highlights the emergence of “lone wolf” actors making use of generic toolkits and platform vulnerabilities.

To mitigate ransomware risk, Coveware by Veeam recommends enhancing employee security awareness, strengthening identity controls, and giving priority to addressing data exfiltration risk. They note that utilising resilience and recovery solutions can help organisations minimise exposure and ensure business continuity.
