Ransomware

DragonForce, a Ransomware-as-a-Service group first observed in 2023, rose to greater prominence in 2025 after a series of notable attacks linked to the group. Despite its unclear origins, what is evident is its rapid evolution and its aggressive, affiliate-driven model, marking it as a rising threat to watch out for.

The Trend 2025 Cyber Risk Report sustains our shift towards proactive security. Protecting enterprises is no longer about stopping breaches but is now about staying ahead, making cybersecurity a business enabler. By looking at the 2025 risk landscape, we recognize exposures and understand attacker behavior to be able to implement countermeasures, transforming security from a challenge to a catalyst for innovation and business growth.

Despite being a young ransomware group, RansomHub moves boldly by targeting larger enterprises more likely to pay ransoms. With possible links to notorious ransomware names like BlackCat and Knight, the gang is a group to watch out for.

Consumer data will be the hot commodity in the underground for 2025, with cybercrime expected to cost over $10 trillion in this coming year. Criminals will continue to develop new ways to exploit vulnerable areas, increasing enterprise risk as the attack surface expands.

This article highlights the critical importance of reducing the Cyber Risk Index, presenting findings that establishes a significant correlation between higher Risk Indices and increased susceptibility to ransomware infections.

INC ransomware was first detected in July 2023, but has already released new versions: one that targets Linux computers and an update on their Windows variant. The ransomware has been observed to exploit CVE-2023-3519 and uses HackTool.Win32.ProcTerminator.A for defense evasion and HackTool.PS1.VeeamCreds for credential access in its different attack chains.

The landscape of ransomware attacks in the first quarter of 2024 presents new insights and shifts in tactics among cybercriminal groups. This report shows key players, targeted sectors, and geographic distributions of attacks by ransomware groups, both notorious and relatively new.

The LockBit intrusion set, tracked by Trend Micro as Water Selkie, has one of the most active ransomware operations today. With LockBit’s strong malware capabilities and affiliate program, organizations should keep abreast of its machinations to effectively spot risks and defend against attacks.

Nuestra vigilancia e investigación continuas del panorama de amenazas en 2023 mostraron patrones que sugieren que los ciberdelincuentes están aprendiendo a priorizar el contenido sobre el tamaño a medida que aprovechan la superficie de ataque en expansión.