A new data breach report has shed light on ransomware and credential abuse developments, among other cyber-security threats.

Ransomware threat increasing but median pay-offs decreasing, report says



There was a significant growth in threats from ransomware over the past 12 months, according to a new report focused on data breaches. The report, compiled by Verizon, showed a 37 per cent increase in ransomware threats compared to the same period ending in 2024.

Ransomware is often broadly defined as malware designed to deny users, businesses or organisations access to their online data stored on computers or servers. In a ransomware attack, data is often encrypted and criminals demand payment for the decryption key.

There was a silver lining, however: the median amount paid to ransomware groups decreased to about $115,000, compared to $150,000 in the prior-year period.

Another bright spot, according to the report, was that 64 per cent of ransomware victims did not pay the ransoms.

Forty-four per cent of ransomware victims, according to Verizon, were local US governments, but similar bodies and municipalities in Europe, the Middle East and Africa have been affected.

"The real story here is that not only are these government entities being targeted, but they are also the favourite of certain ransomware gangs," the report stated.

Alexander Ivanyuk, technology director at the Swiss cyber-security company Acronis, told The National that the findings offer businesses and other entities some teachable lessons.

"Ransomware preparedness needs to go beyond prevention," Mr Ivanyuk said. "Organisations should maintain reliable back-ups, test recovery procedures regularly and develop response playbooks that cover scenarios like extortion, encryption, and data theft."

Credential abuse

The report also shows that the use of stolen, leaked and illicitly obtained user names and passwords – generally referred to as credential abuse – is still a major problem.

Verizon describes credential abuse as "still the most common vector" for costly and damaging data breaches.

Marc Manzano, general manager of cybersecurity at SandboxAQ, a company that works with quantum technology and artificial intelligence, said the continuing problems around compromised credentials go beyond user names and passwords.

"Crucially, the report highlights the types of credentials being stolen and misused – API keys, cloud infrastructure secrets, development pipeline tokens," he said.

Mr Manzano said cyber criminals were more quickly using technology and techniques, new and old, to identify and take advantage of security weaknesses.

"It specifically calls out the alarming speed – often zero days – at which edge device and VPN vulnerabilities are weaponised," he said.

"This underscores the absolute necessity for robust management of cryptographic assets and their dependencies, particularly for securing the machine-to-machine communications that rely on these edge systems."

Morey Haber, chief security adviser at cyber-security company BeyondTrust, echoed Mr Manzano's observations.

"This surge underlines the urgent need for stronger identity security measures," he said. Mr Haber stressed that the analysis shows the risks from employees using their own computers and devices to access work data.

"Nearly half of all compromised credentials are linked to bring-your-own-device environments and systems outside formal policy and governance, suggesting that corporate-managed systems offer stronger protection."

Updated: April 28, 2025, 10:25 PM