Thursday, May 8, 2025

Ransomware Actors Ramp Up Attacks on Organizations with Emerging Extortion Trends


According to Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with 86% of incidents causing significant business disruptions such as operational downtime and reputational damage.

Cybercriminals are adopting increasingly sophisticated and deceptive strategies to maximize the impact of their attacks and coerce organizations into paying hefty ransoms.

A notable trend includes threat actors falsely claiming data breaches, often using outdated or fabricated information to pressure victims.


For instance, in March 2025, scammers impersonating the BianLian ransomware group sent physical threatening letters to executives, alleging imminent data leaks despite no evidence of a breach.

Figure: High-level chain of events in the attack.

Similarly, a group posing as a rebranded Babuk targeted over 60 victims with recycled data from past campaigns, attempting to re-extort payments through fear tactics.

These deceptive practices highlight the psychological warfare ransomware actors employ to exploit organizational vulnerabilities beyond mere technical breaches.

Nation-State Collaboration and Advanced Tooling

A disturbing development in the ransomware landscape is the collaboration between nation-state actors and ransomware groups, blurring the lines between cybercrime and geopolitical agendas.

Unit 42 identified North Korean state-sponsored group Jumpy Pisces, linked to the Reconnaissance General Bureau, working as an initial access broker or affiliate with Fiddling Scorpius, which deploys Play ransomware, in an incident documented in October 2024.

Subsequent reports in March 2025 also noted the North Korean hacking group Moonstone Sleet deploying Qilin ransomware payloads.

This convergence signals a new era of hybrid threats where state-backed resources amplify ransomware campaigns.

Figure: Envelope for fake BianLian ransom note.

Additionally, attackers are leveraging advanced tools like “EDR killers” to disable endpoint security sensors, a tactic rapidly adopted by affiliates to evade detection and encrypt data en masse.

In one case, Unit 42 thwarted an attempt to bypass Cortex XDR, gaining insights into the attacker’s toolkit and methods.

Beyond Windows, ransomware now targets diverse systems, including Linux, hypervisors (ESXi), macOS, and cloud environments, with groups like Bling Libra exploiting misconfigurations to infiltrate virtualized infrastructure.

Insider threats, particularly from North Korean IT workers using fake identities to secure remote employment, further compound risks, as these infiltrators steal proprietary data and extort companies by threatening leaks.

Global Impact and Industry Vulnerabilities

Unit 42’s tracking of public ransomware leak site data from January to March 2025 reveals RansomHub as the most active, with 254 reported compromises, followed by CL0P and Akira.

The United States bears the brunt of attacks, accounting for 822 incidents, far surpassing Canada and the UK.

Industry-wise, manufacturing remains the most targeted sector, likely due to outdated software and the high cost of downtime, while healthcare, despite high-profile incidents in 2024, ranks fifth.

These statistics, though incomplete due to underreporting, underscore the opportunistic nature of ransomware, with threat actors prioritizing financial gain over specific targets.

As attackers expand their reach across systems and collaborate with state actors, organizations must bolster defenses with robust network security and proactive ransomware readiness assessments to mitigate these evolving extortion trends.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
