Ransomware’s New Tactic: Creating Chaos
▼ Summary
– Ransomware attacks are increasing in frequency and severity, with a 20% rise in victims in 2024 and a 67% jump in the first half of 2025 compared to the same period last year.
– Attackers are evolving their tactics, using AI for automation and shifting towards quadruple extortion, which adds DDoS attacks and harassment of third parties to traditional data encryption and theft.
– While fewer victims are paying ransoms, with the payment rate dropping to 23% in Q3 2025, the median ransom payment has fallen by 50% as companies become more successful at negotiation.
– The collapse of major ransomware groups has created a fragmented threat landscape with many new, less disciplined actors, leading to a surge in attack volume and unpredictability.
– The operational impact of ransomware is severe, forcing 58% of affected organizations to shut down operations and causing significant revenue loss, customer attrition, and job cuts.
The landscape of digital extortion is undergoing a significant transformation, marked by a surge in attack frequency and a dangerous evolution in tactics. While fewer organizations are choosing to pay ransoms, the operational and financial chaos inflicted by these attacks is reaching new heights, demanding a strategic reassessment of cybersecurity defenses.
A troubling pattern has emerged where over half of ransomware incidents occur during weekends or holidays, exploiting periods of reduced staffing and vigilance. Attackers capitalize on these windows to infiltrate systems more deeply before detection. Although some metrics show a positive trend, such as a decline in data encryption events and faster recovery times, the overall threat has intensified. Attackers are now demanding larger sums, and the pressure on security teams is palpable.
The economics of ransomware are shifting. Recent data indicates that only 23 percent of victims paid a ransom in a recent quarter, with even lower rates for attacks involving pure data theft without encryption. This downturn has prompted criminal groups to adapt. Some, like Akira, focus on mid-market companies with smaller, more frequent demands. Others have pivoted exclusively to targeting large enterprises perceived as having deeper pockets, seeking massive payouts.
Despite the lower payment rates, the volume of attacks is climbing sharply. In the first half of this year, ransomware groups publicly claimed over 3,700 victims, representing a substantial increase from previous periods. This resurgence is partly fueled by a fracturing criminal ecosystem. The decline of major syndicates like LockBit and AlphV created a power vacuum, leading to a surge of less disciplined but highly active new actors, increasing unpredictability across the threat landscape.
The methodology of extortion is also becoming more complex and aggressive. While double extortion, encrypting data and threatening to leak it, remains common, a new quadruple extortion tactic is emerging. This approach adds disruptive Distributed Denial-of-Service (DDoS) attacks and the harassment of a victim’s customers, partners, and even media outlets to amplify pressure. The goal is no longer just to lock data but to create widespread operational paralysis and reputational damage.
Negotiation is becoming a critical skill for targeted organizations. While nearly half of affected companies paid a ransom in the past year, a high figure, over half of those paid less than the initial demand through direct or third-party negotiation. This trend is reflected in financial data showing the median ransom payment dropping significantly, even as demands remain high. However, the collateral damage is severe: a majority of attacked organizations face operational shutdowns, with many reporting substantial revenue loss, customer attrition, and job cuts.
Looking ahead, ransomware is predicted to be the top cyber threat, with a particular concern being its fusion with artificial intelligence. Security professionals express deep apprehension, with a significant majority believing AI will make ransomware even more dangerous. Alarmingly, a large preparedness gap exists, with only a minority of security teams feeling very ready to counter these advanced threats. As attacks increasingly ripple through supply chains, with incidents involving vendors soaring in both frequency and cost, the imperative for comprehensive, resilient security strategies has never been greater.
(Source: HelpNet Security)
