Coveware by Veeam®, authority in ransomware response, has announced its Q2 2025 ransomware report, highlighting a sharp rise in cyber extortion and targeted social engineering attacks. The report revealed that sophisticated data exfiltration tactics are driving higher ransom payments.

Bill Siegel, CEO of Coveware by Veeam, said, “Attackers aren’t just after backups, they’re targeting people, processes, and data reputation. Organizations must prioritize employee awareness, strengthen identity controls, and treat data exfiltration as an urgent risk.”

Key findings from the report include:

• Social engineering dominates attacks: Three ransomware groups, Scattered Spider, Silent Ransom, and Shiny Hunters, focused on precision attacks using novel impersonation tactics.
• Ransom payments soar: Average and median payments reached $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), driven by data exfiltration-only incidents.
• Data theft overtakes encryption: Exfiltration was involved in 74% of cases, with multi-extortion tactics and delayed threats increasing.

The report also revealed that professional services, healthcare, and consumer sectors were hardest hit. Mid-sized companies (11–1,000 employees) represented 64% of victims. Attack techniques evolved, with credential compromise, phishing, and exploitation of remote services remaining key vulnerabilities.

New ransomware variants reshaped rankings in Q2, with Akira, Qilin, and Lone Wolf emerging at the top. Silent Ransom and Shiny Hunters entered the top five for the first time.

Coveware by Veeam provides rapid forensic triage, extortion negotiation, remediation, cryptocurrency settlements, and decryption services. The company uses firsthand case data and proprietary tools to track threat actor patterns, emerging tactics, and actionable intelligence on the evolving ransomware landscape.

Related post

View all