While ransomware is still the leading motivation behind cyberattacks, cybercriminals are increasingly using AI in their methods, putting MSPs, ISPs, manufacturers and other businesses at risk, according to Cyberthreats Report H1 2025, a biannual publication issued by Acronis, a global cybersecurity and data protection firm.
This year, the number of publicly known ransomware victims increased nearly 70 percent compared to 2024 and 2023, with Cl0p, Akira and Qlin identified as the most active ransomware gangs, according to the report. These groups and others have increased their use of AI in conducting attacks, which is reflected in their preferred threat vectors. For example, social engineering and BEC attacks increased from 20 percent to 25.6 percent between January and May this year as compared to the same period last year. Acronis analysts believe this is likely due to the growing use of AI in crafting convincing impersonations.
Meanwhile, though the overall number of attacks targeting MSPs fell during the time period, the nature of attacks changed significantly. For example, phishing accounted for 52 percent of all attacks targeting MSPs compared to 30 percent in 2024, while remote desktop protocol attacks all but vanished. Overall, phishing accounted for 25 percent of all attacks, according to the report.
The report also indicates that attackers are increasingly focused on collaboration apps, eschewing simple BEC campaigns, with nearly 25 percent of collaboration app attacks leveraging AI-generated deepfakes or automated exploits.
Manufacturing was the most targeted industry by ransomware gangs, representing 15 percent of all recorded cases during the first quarter this year. Retail, food and drink (12 percent) and telcos and media (10 percent) were also popular targets.
The biannual report covers the global threat landscape as encountered by the Acronis Threat Research Unit (TRU) and Acronis sensors on Windows endpoints from January through June 2025. Based on signals from more than 1 million unique endpoints distributed around the world, the report also incorporates statistics focused on threats targeting Windows operating systems, given their prevalence compared to macOS and Linux, the company said.
“While the endgame for cybercriminals is still ransomware, how they get there is changing,” said Gerald Beuchelt, CISO at Acronis. “Even the least sophisticated attackers today have access to advanced AI capabilities, generating social engineering attacks and automating their activities with minimal effort. The result is that MSPs, manufacturers, ISPs and others are constantly exposed to sophisticated attacks, including increasingly advanced deepfakes, and all it takes is one mistake to put the organizations’ entire future at risk. To survive in this threat landscape and avoid damaging ransomware payloads, a holistic cyber protection strategy that incorporates advanced detection, response and recovery capabilities is essential.”
The full report can be downloaded for free from the Acronis website.
