Ransomware groups are blurring the line between cybercrime and ‘hacktivism’


Cybercriminals are now using ransomware not only to make money but also to spread political propaganda, according to a new report by cybersecurity and cloud computing company Akamai.

In its State of the Internet 2025 report, Akamai shows how some ransomware groups are acting more like hacktivists — hackers who attack systems to support a political or social agenda.

Ransomware-as-a-service or RaaS groups with hacktivist motivations are using ransom payments to fund campaigns to advance their ideologies.

“We are seeing actors like DragonForce and KillSec blend ideology with extortion, turning ransomware into a weapon of disruption rather than just a tool for profit. This fusion of hacktivism and RaaS blurs attribution and complicates response,” Reuben Koh, director of security technology and strategy, Asia-Pacific & Japan, Akamai, told ET.

Such RaaS groups rely on a broader criminal ecosystem made up of developers, affiliates, the zero-day market, and initial access brokers who are key to orchestrating attacks.

Notable hacktivist groups

One of the biggest hacktivist groups is Malaysia-based DragonForce. The group focuses especially on disrupting systems in India and Israel. It has launched major ransomware attacks across other countries as well, including the UK and the United States.

Another group, Stormous, has attacked big companies such as soft drink manufacturer Coca-Cola and Barbie doll maker Mattel, and often leaves ransom notes in Arabic. It targets countries seen as unfriendly to Russia or aligned with Western interests, including France, Spain, the US, and India.

Then there is KillSec, which began its attacks in October 2023. It supports pro-Russian political ideas and mainly targets the government and healthcare sectors. KillSec has shown a particular interest in targeting Asian countries such as India and Bangladesh, as well as other countries, including the United States.

CyberVolk, which started as a political hacktivist group in 2024, also began using ransomware to attack critical systems in countries aligned with the North Atlantic Treaty Organisation (NATO). It started using ransomware for retaliation against adversaries of Russia or India, and often targets Spain.

Ransomware operations in India

The report also cited data from eCrime Threat and Risk Intelligence Services, which shows that Asia was a major target for ransomware attacks. In 2024, India experienced 17 attacks on its financial institutions, surpassing the UK’s 16 and Canada’s 11.

However, these figures are still far lower than the 151 attacks reported in the US last year.

“India’s growing geopolitical relevance and digital infrastructure make it a high-value target for hybrid ransomware groups,” said Koh. “This highlights the urgent need for resilient, intelligence-led cyber defences across Indian enterprises and critical infrastructure that can adapt to the ever-changing threat landscape and adversaries.”

Reducing ransomware impact

Since 2022, FBI decryption keys have helped victims in the US avoid over $800 million in ransom payments. Decryption protects sensitive data like financial records and personal information by keeping it secure yet accessible.

Governments are banning ransom payments to threat actors, since paying doesn’t guarantee data recovery. Meanwhile, cyber insurance providers are incentivising organisations to strengthen security programs and offering their negotiating skills to lower ransomware payments.


