Cybercriminals are using AI less to invent new techniques and more to scale proven ones, marking an expansion in their reach over their creativity, according to the Acronis Cyberthreats Report H2 2025. Drawing on telemetry from more than one million endpoints worldwide, the report finds that attacks across email and collaboration platforms surged in the second half of 2025, while ransomware activity continued to rise. Overall, the findings indicate that AI is enabling cybercriminals to execute familiar tactics at greater scale and speed, reinforcing the need for stronger patching, phishing defenses, and proactive threat monitoring.
The Acronis Cyberthreats Report H2 2025 shows that 80% of RaaS (ransomware-as-a-service) operators now promote AI or automation features to affiliates. Email attacks increased 16% per organization and 20% per user, with phishing responsible for 83% of all email-based threats. Advanced attacks targeting collaboration tools climbed sharply, rising from 12% in 2024 to 31% in 2025. At least 150 managed service providers and telecommunications firms were hit by ransomware, with phishing accounting for 52% of initial access and unpatched vulnerabilities responsible for 27%.
Ransomware activity in 2025 remained persistently high and structurally resilient, as ransomware operators sustained pressure throughout the year, with multiple sharp spikes reflecting large-scale campaigns rather than isolated intrusions. The year was characterized by a fragmented but highly productive ecosystem, where a small number of dominant ransomware programs accounted for a disproportionate share of victims, while dozens of smaller or newly formed groups continued to emerge.
The U.S. accounted for 65% of publicly disclosed ransomware victims, far outpacing other countries. Canada followed at 7%, Germany at 6% and the U.K. at 5%. France, Italy, Spain, Brazil and India each represented 3% of victims, while Australia accounted for 2%.
By sector, manufacturing was the most targeted industry at 21%, closely followed by technology at 20%. Health care represented 12% of disclosed victims and business services 10%. Financial services accounted for 9%, consumer services 8%, and transportation and logistics and construction each made up 7%. Education represented 6% of victims.
Among ransomware groups, Qilin led with 23% of publicly disclosed victims, followed by Akira at 18% and Clop at 12%. Play and INC Ransom each accounted for 9%, while Babuk2 represented 8%. RansomHub and DragonForce each held 6%, Lynx accounted for 5%, and SafePay represented 4%. The top three groups alone accounted for a substantial share of total disclosed victims, underscoring the gravitational pull of mature RaaS ecosystems that provide affiliates with proven tooling, infrastructure and monetization workflows.
Clop remains one of the most technically consequential ransomware groups because of its repeated exploitation of high-impact vulnerabilities in enterprise software. In the second half of last year, the emergence of multiple new ransomware brands reflected continued RaaS fragmentation and rebranding, as affiliates shifted programs, operators rebuilt infrastructure or trust eroded in existing groups.
Although many of these new entrants were relatively small, several accumulated victims quickly. Sinobi recorded 151 victims through opportunistic campaigns that relied on exposed remote access services and credential reuse rather than advanced exploits. TheGentlemen claimed 70 victims, primarily small and midsize organizations, by exploiting outdated web applications and misconfigured servers in fast, high-volume operations.
Additionally, CoinbaseCartel, with 61 victims and no connection to the cryptocurrency exchange, used phishing as an entry point before moving laterally across lightly defended networks. Pear accounted for 49 victims, often exploiting third-party integrations and insecure APIs, while Beast targeted weak identity controls, abusing exposed VPN access and inconsistent MFA enforcement instead of zero day vulnerabilities.
These developments highlight how quickly ransomware operators can rebrand or relaunch under new identities, reducing the long-term impact of takedowns. Overall, the 2025 ransomware ecosystem reflects a mature criminal economy defined by scalability through repeatable intrusion paths, fragmentation across nearly 100 active brands and a shift toward data theft and disclosure as the primary leverage tool. Together, these factors help explain why ransomware activity remains high despite increased defensive spending and law enforcement pressure.
In 2025 ransomware disclosures, telecommunications providers were slightly more frequently identified than MSPs or IT service providers. However, both categories exhibit similar seasonality, geographic concentration, and hacker overlap, reinforcing that provider-layer compromise is driven by access aggregation and scale, not sector-specific targeting.
Phishing remains the most common human-centric access vector, frequently enabling credential capture or malware delivery that later facilitates broader compromise. While phishing is more dominant in general ransomware campaigns, its lower share here highlights attackers’ preference for indirect access paths when targeting service providers.
Exploitation of unpatched software was the dominant initial access vector in MSP and supply chain ransomware incidents in 2025. This reflects attackers’ continued success in targeting internet-facing applications, remote access infrastructure and enterprise management platforms where patch latency creates scalable entry points. Credential abuse appears less frequently as a standalone primary vector in public disclosures, though it is widely understood to be underreported.
In many cases, credential compromise likely acts as an intermediate step following phishing or third-party access. Trusted relationship access captures cases where attackers entered environments through compromised partners, suppliers or delegated access. This vector reflects initial access via inherited trust, not lateral propagation after compromise, and is a defining characteristic of supply chain-driven ransomware activity.
Direct exploitation of exposed RDP services is rare in MSP and supply chain disclosures. This reflects a broader shift away from noisy, easily detected entry points toward more reliable and less conspicuous access mechanisms.
In 2025, supply chain and third-party compromises remained a structurally significant attack pattern, affecting at least 1,200 publicly identified victims between January and November. These incidents were not evenly distributed but clustered around specific periods when widely used vendors or service providers were exploited. February marked the peak with 260 victims, more than double the monthly average, illustrating how a single compromised dependency can cascade rapidly across downstream organizations before detection and mitigation take hold.
Although volumes declined after the spike, activity remained steady in subsequent months, reflecting ongoing exploitation of residual access, delayed patching and continued abuse of previously compromised third-party relationships.
Cl0p stands out as the most structurally sophisticated actor in this cohort, favoring highly selective campaigns that exploit shared services, trusted platforms and centralized third-party infrastructure to generate outsized downstream impact. Rather than chasing volume, it prioritizes precision and leverage, reflecting mature reconnaissance and a strategic focus on supply chain dependencies.
Qilin operates at a faster tempo, running frequent campaigns built on reliable, repeatable intrusion paths, with supply chain exposure appearing more opportunistic than strategic. Akira, the most active group by victim count in this subset, combines scale with adaptability, expanding across platforms and third-party environments without relying on a single access vector.
Other groups, including INC Ransom, DragonForce, Lynx, RansomHub, Cactus, Sinobi and Sarcoma, show varying maturity but lack consistent indicators of deliberate supply chain strategy, suggesting their involvement often stems from access reuse or shared infrastructure. Overall, the data underscores that supply chain relevance does not equate to uniform sophistication, as only a small number of actors treat third-party compromise as a strategic multiplier while most encounter it incidentally.
Malware exposure in 2025 followed a clear lifecycle, with elevated activity in the first quarter peaking broadly in March, sustained pressure through May and June, and a steady decline from July that stabilized at lower levels through November. The pattern was campaign-driven rather than region-specific, as both high and low-risk countries showed similar timing.
Nations such as Vietnam, South Korea, Peru, Venezuela, India, Thailand and Brazil recorded repeated spikes above 10% of protected clients early in the year before converging toward mid single-digit levels by the fourth quarter, reflecting burst-style campaigns contained by endpoint defenses. A second tier of countries, including Romania, Spain, Mexico, Israel, Indonesia and Colombia, saw exposure mostly in the 5% to 10% range early on, followed by gradual improvement as patching and hygiene reduced success rates.
Meanwhile, Japan, Singapore, Canada, the U.S., the U.K., Australia, and several Western European countries consistently remained below 4%, with exposure settling around 2% to 3% by late year, underscoring the impact of mature, layered security postures. Overall, attackers concentrated efforts early in the year, but detection improvements and infrastructure reuse steadily eroded campaign effectiveness.
Throughout the observed period, the U.S. recorded consistently higher normalized endpoint malware detection rates than Canada, signaling greater relative exposure. The sharpest divergence came in spring 2024, when the U.S. experienced a pronounced spike followed by several midyear peaks tied to short, intensive campaigns, while Canada remained lower and more stable without major outliers.
By 2025, both countries converged toward steadier, reduced levels, with Canada maintaining a flatter risk profile. A similar pattern appeared in web-based threats: the U.S. saw significantly higher exposure in early 2024 before a sharp late-year drop narrowed the gap. In 2025, the two countries tracked more closely, with only minor alternating peaks, suggesting broadly comparable web threat exposure once normalized.
Clearly, threat activity in the second half of 2025 shows a worsening cybersecurity landscape, with attacks growing in both scale and sophistication. Adversaries are increasingly abusing trusted platforms, legitimate tools and human interaction instead of relying solely on obvious malware, making detection harder. For MSPs and MSSPs, the risk is amplified because one breach can cascade across multiple managed environments. The findings underscore the need for a unified cyber protection approach that integrates prevention, detection, response and recovery to strengthen resilience while reducing operational complexity.
Acronis projects that in 2026 AI will become a standard tool for adversaries, who will pair it with deeper exploitation of cybercrime ecosystems and high-impact compromise paths such as virtualization platforms and agent misuse. At the same time, AI systems themselves will introduce a new category of operational risk that falls between traditional software flaws and human process failures. Threats such as indirect prompt injection, workflow manipulation and data leakage through connectors will aim to influence AI behavior rather than breach the underlying platform. These risks are difficult to eliminate through filtering alone and must instead be addressed through stronger system design, separation of controls and governance.
For MSPs, the most immediate danger lies in AI-driven automation granted broad trust and access. Tools used for ticket triage, scripted remediation or configuration guidance can be manipulated through untrusted inputs or poorly scoped integrations, leading to unsafe actions or unintended data exposure at scale. The concern is less about isolated AI mistakes and more about how quickly and opaquely those errors can cascade across managed environments without strong approval and auditing controls.
The report also anticipates a continued shift from encryption-led ransomware to extortion-first operations, where data theft, regulatory pressure and business disruption generate leverage even without file locking. For MSPs, this raises the stakes around multitenant data exposure and downstream compliance fallout. Meanwhile, identity will remain the most scalable intrusion path, particularly through nonhuman identities such as service accounts, API keys and automation tokens. Attackers are expected to target MSP identity fabrics, including SSO and privileged access systems, to gain repeatable, high-impact access across multiple customers.
