The cybersecurity landscape is facing a dramatic shift as highlighted in Coveware by Veeam's Q2 2025 ransomware report. The report reveals a notable increase in targeted social engineering attacks, with sophisticated data exfiltration techniques driving record ransom payments.
Bill Siegel, CEO of Coveware, remarked that this quarter marks a turning point in the ransomware narrative, indicating a need for organisations to enhance their security measures.
Key findings from the report illustrate the evolving tactics of ransomware groups. Major players such as Scattered Spider, Silent Ransom, and Shiny Hunters have moved away from opportunistic attacks, opting instead for highly targeted strategies.
This shift involves novel impersonation tactics aimed at help desks, employees, and third-party service providers, significantly increasing the efficacy of their attacks.
The financial implications are stark, with the average ransom payment rising to $1.13 million, a staggering 104% increase from Q1 2025. The median payment also surged to $400,000, reflecting a growing trend where larger organisations are willing to pay hefty ransoms to recover stolen data.
Remarkably, data exfiltration is now the primary extortion method, involved in 74% of all cases, signalling a shift away from traditional system encryption.
Industry-specific vulnerabilities have also come to light, with professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) facing the highest attack rates.
Mid-sized companies, particularly those with 11 to 1,000 employees, accounted for 64% of victims, suggesting that attackers are targeting organisations with less mature security defences.
Moreover, the report indicates that human factors remain a significant vulnerability. Attack techniques such as credential compromise and phishing continue to dominate initial access points. Many attackers have adeptly bypassed technical controls through social engineering, exploiting well-known vulnerabilities in platforms like Ivanti and Fortinet.
The report also reveals that new ransomware variants are reshaping the threat landscape, with Akira, Qilin, and Lone Wolf making notable entries into the top rankings. As these trends unfold, organisations must prioritise employee awareness and bolster identity controls to mitigate risks effectively.
With social engineering and data exfiltration becoming dominant tactics, enhancing data resilience and employee training is more critical than ever.
