A new global report on Ransomware 2025 from cybersecurity firm Acronis reveals the persistent and growing threat worldwide. The findings show that AI is increasingly being used to strengthen social engineering attacks such as phishing, business email compromise (BEC) and deepfakes, creating a serious risk for organizations across all industries.
Phishing attacks double against service providers
The Acronis Cyberthreats Report H1 2025, based on data from more than one million Windows devices globally, shows that phishing accounted for 25% of all attacks in the first half of 2025. For Managed Service Providers (MSPs) the situation is even worse: phishing rose from 30% to 52% in just one year.
“Ransomware remains the end goal for cybercriminals, but the path has changed. Even inexperienced attackers can now use advanced AI tools to create deepfakes, automate phishing and scale social engineering campaigns. One mistake can endanger an entire organization,” says Peter Graymon, General Manager Nordics at Acronis.
Ransomware 2025 continues to dominate the threat landscape
The report indicates that the number of publicly disclosed ransomware victims increased by almost 70% compared with both 2023 and 2024. The most active groups included Cl0p, Akira and Qlin.
- Manufacturing accounted for 15% of attacks in Q1 2025
- Retail and food sectors represented 12%
- Telecom and media made up 10% of attacks
Ransomware 2025 is clearly targeting critical industries and affecting entire supply chains, demonstrating broad impact across sectors.
AI amplifies social engineering and BEC
The share of attacks involving social engineering and Business Email Compromise rose from 20% to 25.6%. Nearly a quarter of intrusions affecting collaboration platforms used AI-generated deepfakes—manipulated audio and video, alongside automated exploits—to bypass security controls.
This trend shows how AI and ransomware in 2025 combine to form a new threat model in which technology intensifies human vulnerabilities.
A holistic approach to cybersecurity is essential
Acronis stresses the need for comprehensive cyber protection that integrates detection, prevention, recovery and response. Organizations must assume threats will grow more sophisticated as AI lowers the barrier for attackers to scale their operations.
Key takeaways from Acronis Cyberthreats Report H1 2025
- Ransomware victims rose by 70% compared with prior years
- Phishing comprised 25% of all attacks—and 52% against MSPs
- Social engineering and BEC increased to 25.6%
- Almost 25% of attacks on collaboration platforms involved AI-generated deepfakes
- Manufacturing was the most targeted sector (15% of attacks)
WP_Acronis_Cyberthreats_Report_H1_2025_250812_EN-US
Download