Acronis Cyberthreats Report Finds AI-Powered Phishing, Social Engineering Fuelling Surge in Ransomware

Leveraging Artificial Intelligence for Low-Effort, High-Reward Ransomware Campaigns

Acronis, a global leader in cybersecurity and data protection, has released the findings of the Acronis Cyberthreats Report H1 2025, detailing the most popular threat vectors, active threat groups, and targeted industries in the first half of 2025. Ransomware remains the major threat for large and medium-sized businesses, with new groups increasingly leveraging Artificial Intelligence (AI) to automate their activities. Phishing accounted for 25% of all attacks and 52% of attacks targeted MSPs, a 22% increase compared to 1H 2024.

The biannual Acronis Cyberthreats report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors on Windows endpoints from January through June 2025. Based on signals from over 1,000,000 unique endpoints distributed around the world, the report also incorporates statistics focused on threats targeting Windows operating systems, given their prevalence as compared to macOS and Linux.

“While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis, about the Acronis Cyberthreats report’s findings. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. The result is that MSPs, manufacturers, ISPs, and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organisations’ entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response, and recovery capabilities is essential.”

Key Findings of the Acronis Cyberthreats Report H1 2025

  • Ransomware is Still Top-Dog: The number of publicly known ransomware victims increased nearly 70% over the measured time period, as compared to both 2023 and 2024. Cl0p, Akira, and Qilin are the most active ransomware gangs.
  • AI Powering Surge in Social Engineering: Ransomware gangs are increasingly utilising AI, and this is reflected in their chosen threat vectors—social engineering and BEC attacks increased from 20% to 25.6% in January 2025 through May 2025 compared to the same period in 2024, likely due to the growth in AI use for crafting convincing impersonations. Malware was discovered in 1.47% of Microsoft 365 email backups.
  • MSPs Bombarded by Phishing and BEC Attacks: While the overall number of attacks targeting MSPs fell over the measured time period, the nature of attacks changed significantly; phishing accounted for 52% of all attacks targeting MSPs as compared to 30% in 2024, while Remote Desktop Protocol (RDP) attacks all but vanished.
  • Not All Phishing Attacks are Created Equal: While phishing is the weapon of choice for attackers, they are increasingly focusing on collaboration apps, eschewing simple BEC campaigns. Almost 25% of the attacks in collaboration apps leveraged AI-generated deepfakes or automated exploits.
  • Manufacturers in the Crosshairs: Manufacturing was ransomware gangs’ most targeted industry, representing 15% of all recorded cases in Q1 2025. Retail, food and drink (12%) and telcos and media (10%) were also popular targets.

For more information, download a copy of the full Acronis Cyberthreats H1 2025 Report here: https://www.acronis.com/en-us/resource-center/resource/acronis-cyberthreats-report-h1-2025.

To learn more about the Acronis Cyberthreats report and its findings, visit the Acronis blog here: https://www.acronis.com/en-us/blog/posts/acronis-cyberthreats-report-h1-2025-some-good-news-and-a-lot-of-bad-news.

 

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.