Ransomware Attacks Surge in Middle East Enterprises
News Desk -

Ransomware is tightening its grip on global enterprises, with the Middle East emerging as one of the most vulnerable regions. Recent research revealed that the average ransom demand has surged to $3.5 million. Nearly half of victims reportedly pay under pressure, despite ongoing negotiations.

In the Gulf, recent campaigns against critical sectors, including energy, government, and finance, highlight the region’s rising exposure to these attacks. These shifts show that ransomware operators are finding ways around traditional Endpoint Detection & Response (EDR) tools, raising concerns about current cybersecurity measures.

The Halcyon Ransomware Malicious Quartile Q2-2025 report revealed four tactical shifts defining the current ransomware landscape:

  • BYOVD Security Bypass: Attackers exploit old, vulnerable drivers to bypass kernel-level defenses, disabling endpoint security tools and spreading ransomware unchecked.
  • VMware ESXi Attacks: Groups like Qilin and Medusa target virtual office servers, causing outages across entire organizations.
  • Remote “Living-off-the-Land” Abuse: Cybercriminals exploit Remote Monitoring and Management (RMM) software to move stealthily within networks.
  • Credential Harvesting: Groups such as Akira, Qilin, and DevMan steal browser-stored passwords at scale to move laterally and maximize damage.

Ray Kafity, VP for India, Middle East, Turkey & Africa at Halcyon, reported: “Ransomware has evolved into a systemic risk. Attackers are bypassing current endpoint protection platforms and targeting infrastructure at scale. Resilience, not prevention alone, is now key for survival.”