The latest Acronis Cyberthreats Report H1 2025 provides a alarming overview of the evolution of cybercrime in the first half of the year. Based on the analysis of over one million endpoints worldwide, it not only confirms ransomware as the leading threat but also highlights the increasing role of social engineering, infiltration into cloud backup services, and exploitation of enterprise collaboration applications.
A historic rise in ransomware
One of the report’s most striking findings is that the global number of ransomware victims increased by 70% compared to the same period in 2024. This unprecedented growth brings back a threat many believed had stabilized after international efforts in 2023 and 2024 to dismantle gangs like LockBit and Hive.
Acronis researchers attribute this surge to several factors:
– The proliferation of Ransomware as a Service (RaaS), enabling cybercriminals with limited technical knowledge to rent full attack kits.
– The professionalization of groups combining double and triple extortion tactics, threatening not just data encryption but also public leaks or harassment of clients and suppliers.
– Exploitation of unpatched enterprise software vulnerabilities, especially in document management systems and collaboration platforms.
This 70% increase is more than just a number; it results in thousands of businesses being shut down, hospitals blocked during peak heat seasons in the Northern Hemisphere, and global supply chain disruptions.
Social engineering: the human factor remains the entry point
The report also notes a rise in Business Email Compromise (BEC) attacks, a form of social engineering that deceives employees into authorizing fraudulent transfers or sharing credentials. Data shows these attacks went from representing 20% of incidents in 2024 to 25.6% between January and May 2025.
This increase partly stems from the use of generative AI tools, which craft error-free, convincing emails, making it harder for employees to recognize them as scams.
A recent example in Germany illustrates this trend: attackers impersonated an executive’s voice and image in a manipulated AI video call, convincing an employee to make a multi-million dollar transfer. Such increasingly realistic scams confirm that cybersecurity is no longer just a technical issue but also a psychological one.
Compromised backups: 1.47% of Microsoft 365 emails contain malware
Another surprising finding is that 1.47% of email backups in Microsoft 365 contained malware. This reveals that attackers can infiltrate inboxes and also have malicious code stored in backup systems, threatening the organization’s last line of defense.
Practically, this means restoring data could reintroduce malware into the corporate network, prolonging rather than ending the crisis. Acronis recommends regularly scanning backups for integrity and not relying solely on data redundancy as a protective measure.
The manufacturing sector: the most profitable target
Acronis’s report identifies the manufacturing industry as the most targeted by ransomware, accounting for 15% of attacks in the first half of 2025.
Reasons are clear: factories and supply chains are critical infrastructure, where hours of downtime can result in millions in losses. This makes them attractive targets for criminal gangs, who know that companies are more likely to pay ransoms to resume operations.
Recent incidents, such as an attack on an automotive plant in Mexico or disruption of a European heavy machinery manufacturer’s assembly line, confirm this trend. Both harms led to the suspension of entire shifts and caused delays impacting international markets.
Collaboration apps: a rising vector
The shift to hybrid and remote work has made collaboration apps like Microsoft Teams, Slack, and Google Workspace central to business communication. Cybercriminals have exploited this, turning these platforms into vectors for malware distribution, internal phishing campaigns, or hijacking conversations.
The report details a significant rise in targeted attacks on these tools, capitalizing on the trust employees place in messages received through corporate channels. A shared file that appears to be a legitimate spreadsheet could open the door to devastating ransomware.
Artificial intelligence: an ally and threat
A key part of the report examines AI’s dual role in cybercrime. According to Acronis, attackers already use generative AI to enhance phishing campaigns, create voice and image deepfakes, and develop polymorphic malware that changes form to evade detection.
However, AI is also being integrated into defensive solutions capable of analyzing large volumes of data in real time, detecting anomalies, and predicting attack patterns before they happen. The battle between defenders and attackers largely unfolds in the realm of AI.
Recommendations for businesses
The report offers practical advice to improve digital resilience:
– Mandatory multi-factor authentication on all critical accounts.
– Continuous monitoring of endpoints and networks with advanced EDR/XDR solutions.
– Ongoing awareness and training of employees to recognize phishing and social engineering scams.
– Regular integrity checks of backups to ensure they are malware-free.
– Implementation of Zero Trust policies, minimizing access privileges.
– Investment in AI-driven security solutions capable of neutralizing automated threats in real time.
A persistent trend
Acronis experts warn that the second half of 2025 could see even greater challenges. Increasingly sophisticated ransomware, AI-powered attack amplification, and exploitation of enterprise collaboration platforms pose ongoing risks.
For many organizations, the key takeaway is that cybersecurity is no longer an optional expense but a strategic investment in business continuity. In an interconnected world, where supply chains cross continents and sectors, a single breach can trigger cascading effects affecting thousands of companies.