Summary: Check Point Research recently published its Q2 2025 Ransomware Report showing shifts in the ransomware threat landscape. Based on leak site data and threat intelligence, the report indicates that attackers are mixing AI with classic extortion tactics.
Analyst Note: The research reveals that ransomware is evolving rather than fading. While overall victim disclosures dropped six percent, the first decline in over a year, groups like Qilin and DragonForce are expanding operations with AI-driven tools and aggressive affiliate models. Others, such as Hunters International, are shifting to data-only extortion. The report’s findings – AI’s growing role in attack automation, social engineering, and extortion tactics – also complements federal reporting on the subject.
Additionally, Warlock ransomware actors have been found to be exploiting the vulnerabilities in Microsoft SharePoint servers that WaterISAC shared with members in a recent advisory.
Original Source: https://l.cyberint.com/ransomware-q2-2025-report
Additional Reading:
- Check Point reveals AI-powered ransomware surge as attackers shift from encryption to exfiltration
- (TLP:AMBER) WaterISAC Advisory – WWS Billing Software Impacted by Ransomware Group (Updated June 18, 2025)
- (TLP:CLEAR) WaterISAC Advisory - ACTION MAY BE REQUIRED: Critical Vulnerabilities in On-Premises SharePoint Server Actively Exploited (Updated July 24, 2025)
- (TLP:CLEAR) Joint Cybersecurity Advisory - #StopRansomware: Interlock Ransomware
Related WaterISAC PIRs: 6, 10
