Ransomware Threats Rise: Challenges in Modeling Systemic Events

Edward Zhou
Edward Zhou

CEO & Founder

 
July 16, 2025 2 min read

Ransomware Dominance and Cyber Risk Insights

Ransomware still dominates, but systemic events are harder to model – Munich Re

Image courtesy of Reinsurance Business

Cyber risk analytics firm CyberCube and global reinsurer Munich Re report significant findings regarding ransomware and systemic cyber events. A joint study reveals that a major malware event could impact 25% of global systems, with a complete compromise expected in approximately 15% of cases. Notably, no scenario was foreseen where over 50% of global systems would be fully compromised. Effective defenses such as patch management, network segmentation, and comprehensive data backup can reduce risks by 50% to 80%.

The study also highlights cloud service risks, indicating that outages across major providers could last from a few hours to several days. The impact of outages varies based on financial exposure, with a one-day disruption costing about 1% of annual revenue, contingent on the organization's cloud reliance and sector.

Ransomware Trends and Resilience

Ransomware attacks have increased by 3% in 2024 compared to 2023, underscoring the resilience of this cyber threat. Noteworthy operations like LockBit and Noberus faced disruptions, but activity rebounded later in the year. Tactics employed by ransomware actors have shifted towards using dual-use tools for data exfiltration and disabling security software.

Figure 1. Claimed ransomware attacks by actors operating data leak sites, 2022-2024.

The emergence of RansomHub, a ransomware-as-a-service (RaaS) operation, has marked a significant trend in 2024, replacing declining operations like LockBit. RansomHub offers generous affiliate terms, attracting numerous partners. Attackers often exploit known vulnerabilities such as Zerologon (CVE-2020-1472) and CitrixBleed (CVE-2023-3519) to gain initial network access.

Tactics and Tools Used by Ransomware Actors

Ransomware actors increasingly rely on living-off-the-land techniques, utilizing legitimate software in their attacks. Common tools include PowerShell, RDP, and Rclone, with remote access software like AnyDesk and Atera being frequently exploited.

Figure 2. Claimed LockBit and RansomHub attacks by quarter, 2024.

Disabling security software has become a key tactic, often achieved through the Bring Your Own Vulnerable Driver (BYOVD) method, where attackers exploit signed vulnerable drivers to terminate security processes. Tools like TrueSightKiller and Gmer are frequently utilized in these efforts.

Future Outlook on Ransomware Threats

The ransomware landscape is expected to continue evolving, with attackers adapting to evade detection and law enforcement pressures. Companies must remain vigilant, leveraging proper mitigation strategies to protect against ransomware threats. Effective measures include regular patch management, network segmentation, and utilizing comprehensive cloud services.

For organizations looking to bolster their defenses against evolving cyber threats, exploring the services offered by Gopher Security , can be a crucial step toward enhanced security. Visit Gopher Security for more information or to contact us for support in fortifying your cybersecurity posture.

Edward Zhou
Edward Zhou

CEO & Founder

 

CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions..

Related Articles

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read
Read full article

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read
Read full article

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read
Read full article

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.

By Alan V Gutnov July 19, 2025 3 min read
Read full article