With International Anti-Ransomware Day approaching on May 12, Kaspersky presents its annual\u00a0report\u00a0on the evolving global and regional ransomware cyberthreat landscape.<\/p>\n
According to\u00a0Kaspersky Security Network\u00a0data, the Middle East, APAC and African regions are leading by the share of users attacked by ransomware, with Latin America, CIS (Commonwealth of Independent States) and Europe trailing behind. Globally from 2023 to 2024 the share of users affected by ransomware attacks increased to\u00a00.44% by 0.02 p.p.<\/strong>\u00a0The seemingly small percentage is typical for ransomware and is explained by the fact that attackers often don\u2019t distribute this type of malware on a mass scale, but prioritize high-value targets, which reduces the overall number of incidents.<\/p>\n Share of users whose computers were attacked by crypto-ransomware, by region In the\u00a0Middle East<\/strong>\u00a0and\u00a0Asia-Pacific<\/strong>\u00a0regions, ransomware affected a higher share of users due to rapid digital transformation, expanding attack surfaces and varying levels of cybersecurity maturity. Enterprises in APAC were heavily targeted, driven by attacks on infrastructure and operational technology, especially in countries with growing economies and new data privacy laws.<\/p>\n Ransomware is less prevalent in\u00a0Africa<\/strong>\u00a0due to lower levels of digitization and economic constraints, which reduce the number of high-value targets. However, as countries like South Africa and Nigeria expand their digital economies, ransomware attacks are on the rise, particularly in the manufacturing, financial and government sectors. Limited cybersecurity awareness and resources leave many organizations vulnerable, though the smaller attack surface means the region remains behind global hotspots.<\/p>\n Latin America<\/strong>\u00a0also experiences ransomware attacks, particularly in Brazil, Argentina, Chile and Mexico. Manufacturing, government, and agriculture, as well as critical sectors such as energy and retail are targeted, but economic constraints and smaller ransoms deter some attackers. Despite this, the region\u2019s growing digital adoption is increasing exposure.<\/p>\n The\u00a0Commonwealth of Independent States\u00a0<\/strong>sees a smaller share of users encountering ransomware attacks. However, hacktivist groups such as\u00a0Head Mare,\u00a0Twelve\u00a0and others active in the region often use ransomware such as LockBit 3.0 to inflict damage on target organizations. Manufacturing, government and retail sectors are the most targeted, with varying levels of cybersecurity maturity across the region affecting security\u00a0.<\/p>\n Europe<\/strong>\u00a0is consistently targeted with ransomware but benefits from robust cybersecurity frameworks and regulations that deter some attackers. Sectors such as manufacturing, agriculture, and education are often targeted, but mature incident response and awareness limit the scale of attacks. The region\u2019s diversified economies and strong defenses make it less of a focal point for ransomware groups than regions with rapid, less secure digital growth.<\/p>\n Current and emerging ransomware trends<\/strong><\/p>\n AI tools were increasingly used in ransomware development<\/strong>, as demonstrated by FunkSec, a ransomware group that emerged in late 2024 and quickly gained notoriety by surpassing established groups like Cl0p and RansomHub with multiple victims claimed in December alone. Operating under a Ransomware-as-a-Service (RaaS) model, FunkSec employs double extortion tactics \u2014 combining data encryption with exfiltration \u2014 targeting sectors such as government, technology, finance, and education in Europe and Asia. The group\u2019s heavy reliance on AI-assisted tools sets it apart, with its ransomware featuring AI-generated code, complete with flawless comments, likely produced by Large Language Models (LLMs) to enhance development and evade detection. Unlike typical ransomware groups demanding millions, FunkSec adopts a high-volume, low-cost approach with unusually low ransom demands, further highlighting its innovative use of AI to streamline operations.<\/p>\n The RaaS (Ransomware-as-a-Service) model remains the predominant framework for ransomware attacks<\/strong>, fueling their proliferation by lowering the technical barrier for cybercriminals. In 2024, RaaS platforms like RansomHub thrived by offering malware, technical support and affiliate programs that split the ransom. This model enables less-skilled actors to execute sophisticated attacks, contributing to the emergence of multiple new ransomware groups in 2024 alone.<\/p>\n In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities<\/strong>, as demonstrated by the Akira gang\u2019s\u00a0use of a webcam\u00a0to bypass endpoint detection and response systems and infiltrate internal networks. Attackers are likely to increasingly target overlooked entry points like IoT devices, smart appliances or misconfigured hardware in the workplace, capitalizing on the expanding attack surface created by interconnected systems. As organizations strengthen traditional defenses, cybercriminals will refine their tactics, focusing on stealthy reconnaissance and lateral movement within networks to deploy ransomware with greater precision, making it harder for defenders to detect and respond in time.<\/p>\n The proliferation of LLMs tailored for cybercrime will further amplify ransomware’s reach and impact<\/strong>. LLMs marketed on the dark web lower the technical barrier to creating malicious code, phishing campaigns and social engineering attacks, allowing even less skilled actors to craft highly convincing lures or automate ransomware deployment. As more innovative concepts such as\u00a0RPA (Robotic Process Automation)<\/u>\u00a0and\u00a0LowCode, which provide an intuitive, visual, AI-assisted drag-and-drop interface for rapid software development, are quickly adopted by software developers, we can expect ransomware developers to use these tools to automate their attacks as well as new code development, making the threat of ransomware even more prevalent.<\/p>\n \u201cRansomware is one of the most pressing cybersecurity threats facing organizations today, with attackers targeting businesses of all sizes and across every region. In our report we highlight that there is a concerning shift toward exploiting overlooked entry points \u2014 including IoT devices, smart appliances, and misconfigured or outdated workplace hardware. These weak spots often go unmonitored, making them prime targets for cybercriminals. To stay secure, organizations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education. Building cyber awareness at every level is just as important as investing in the right technology,\u201d comments Dmitry Galov, Head of Research Center for\u00a0Russia\u00a0and CIS at\u00a0Kaspersky’s\u00a0GReAT.<\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":" Anti-Ransomware Day was established on May 12 in 2020 by INTERPOL in collaboration with Kaspersky to commemorate the anniversary of the infamous WannaCry ransomware attack that occurred on May 12, 2017. The purpose of Anti-Ransomware Day is to raise global awareness about the threats posed by ransomware and to promote best practices for prevention and […]<\/p>\n","protected":false},"author":1,"featured_media":12374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":{"0":"post-354667","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security"},"_links":{"self":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/354667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/comments?post=354667"}],"version-history":[{"count":0,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/posts\/354667\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media\/12374"}],"wp:attachment":[{"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/media?parent=354667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/categories?post=354667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technologyforyou.org\/wp-json\/wp\/v2\/tags?post=354667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"Kaspersky](\"https:\/\/content.kaspersky-labs.com\/fm\/press-releases\/4d\/4d8ba97cef47f8e75065ec348f15a310\/processed\/kasperskyransomware2025-q93.png\")
<\/p>\n
\nData from Kaspersky Security Network<\/em><\/p>\n