THE Google Threat Intelligence Group's report on ransomware reveals that since 2018, ransomware has evolved significantly due to the rise of ransomware-as-a-service (RaaS). The report highlights a decline in profitability for ransomware operations, attributed to enhanced cybersecurity measures and increased recovery capabilities among organizations. In 2025, there was a notable increase in data theft alongside ransomware attacks, with 77% of incidents involving suspected data theft compared to 57% in 2024.
Key findings include: 1) Initial access vectors often involved exploiting vulnerabilities, especially in VPNs and firewalls; 2) The REDBIKE ransomware family was the most prevalent, accounting for 30% of incidents; 3) A shift towards targeting smaller organizations was observed; and 4) Threat actors are adopting technologies like AI and Web3 for operational resilience. The report underscores the need for improved security practices and offers guidance on ransomware protection strategies.