Ransomware Tactics Shift: Data Theft Overtakes Encryption in 2025 Cyberattacks
Event summary
- In 2025, 57% of ransomware attacks involved data theft without encryption, up from 49% in early 2025.
- Infostealers harvested over 2 billion credentials, often preceding ransomware attacks.
- Vendor risk accounted for 18% of total losses, with threat actors exploiting open-source code repositories.
- Threat groups like Interlock used stolen cyber insurance policy data to calibrate ransom demands.
The big picture
Resilience's 2025 Cyber Risk Report highlights a strategic shift in cybercrime towards more calculated, long-term attacks. The professionalization of threat actors, leveraging data theft and vendor vulnerabilities, underscores the need for comprehensive cyber risk management strategies. This evolution challenges traditional cyber insurance models and necessitates proactive measures to mitigate material losses over extended periods.
What we're watching
- Evolving Cyber Tactics
- How the shift towards data theft will impact cyber insurance underwriting and premiums.
- Vendor Risk Exposure
- Whether organizations will prioritize investments in vendor incident contingency plans.
- Insurance Adaptation
- The pace at which cyber insurance policies will adjust to reflect 2025's severity levels.
Related topics