ExtraHop Finds Ransomware Payouts Hit Record Highs as Attacks Evolve

Data reveals a shift from quick-hit assaults to stealthy, persistent threats which can be more durable to detect

ExtraHop^®, a frontrunner in trendy community detection and response (NDR), immediately launched the 2025 ExtraHop Global Threat Landscape Report, which presents a complete evaluation of the ever-shifting cybersecurity panorama. The report examines the ever-expanding assault floor, detailing the evolving techniques risk actors are leveraging to use organizations and perform profitable assaults.

According to the findings, risk actors are shifting away from broad, indiscriminate assaults to a extra focused method that yields extra impactful outcomes. As IT environments develop more and more complicated and assault surfaces broaden, risk actors are in a position to capitalize on blind spots, spending extra time inside a corporation to trigger larger harm and obtain larger payouts.

Ransomware payouts skyrocket as attackers evolve their techniques

While the frequency of ransomware assaults has dropped from 8 incidents per group to 5-6 incidents within the final yr, the common ransomware fee has surged by greater than 1,000,000 {dollars}, from $2.5M to $3.6M.

The offset between frequency and value comes as attackers have advanced to maneuver undetected inside a corporation’s setting. According to the info, risk actors had entry to networks for almost two weeks on common earlier than launching an assault. In truth, almost a 3rd of organizations solely observed they had been being focused by a ransomware assault after knowledge exfiltration had already begun.

Delays in response can translate to extra downtime

Organizations take greater than two weeks to reply to and comprise a safety alert. This delay in response can provide attackers time to maximise harm, with the analysis displaying organizations expertise a mean downtime of greater than 37 hours after an incident happens.

Threat actors focusing on vital infrastructure and authorities are among the many most lively

RansomHub (26.8%), LockBit (26.5%), Darkside (25.7%), APT41 (24%), and Black Basta (23.4%) had been the risk actors most detected in organizations’ environments final yr. Similarly, LockBit (33.3%), Darkside (33.3%), Black Basta (33.3%), and RansomHub (25.6%), had been among the many teams most lively within the authorities area.

Old techniques are nonetheless a favourite for compromising immediately’s digital landscapes

As assault surfaces broaden, organizations say the general public cloud (53.8%), third-party companies and integrations (43.7%), and generative AI functions (41.87%) pose probably the most vital cybersecurity dangers to their group. The techniques they’re utilizing to realize community entry varies, with the standard methodology of phishing and social engineering (33.65%) taking the highest spot, adopted by software program vulnerabilities (19.43%), third-party/provide chain compromise (13.4%), and compromised credentials (12.2%).

Limited visibility undermines safety efforts

The high challenges hindering a well timed response to safety threats embody restricted visibility into the complete setting (41%), overwhelming alert quantity (34%), disparate and poorly built-in instruments (34%), and inefficient or handbook SOC workflows (34%). Visibility was a high problem in vital industries such as telecom, finance, and training.

“This analysis validates what we’ve been seeing firsthand: motivated attackers are exploiting new entry factors to bypass conventional defenses and stay hidden inside a community till the time is true to strike,” mentioned Raja Mukerji, Co-founder and Chief Scientist, ExtraHop. “The actuality is, threats will all the time discover a method in, and organizations should be capable to detect threats as they transfer laterally between methods to escalate privileges and exfiltrate knowledge. Enterprises that lack the flexibility to not solely see, but additionally contextualize, each little bit of community site visitors will proceed being focused and tormented by expensive downtime and ransom funds.”

Download the 2025 ExtraHop Global Threat Landscape Report.

*This survey was carried out by Censuswide.*

The publish ExtraHop Finds Ransomware Payouts Hit Record Highs as Attacks Evolve first appeared on AI-Tech Park.