Ransomware Attacks Plummet 38% as Hackers Pivot to Stealth Tactics
Event summary
- Picus Security's Red Report 2026 reveals a 38% drop in ransomware attacks as hackers shift to stealth and persistence techniques.
- Analysis of 1.1 million malicious files and 15.5 million actions in 2025 shows 80% of tradecraft focused on evasion and silent residency.
- Malware now uses trigonometry to distinguish human users from security sandboxes, and attackers prefer data exfiltration over immediate encryption.
- Process injection remains the top technique for the third year, while state-sponsored actors use physical IP-KVM devices to bypass software agents.
The big picture
The decline in ransomware attacks signals a strategic shift in cyber warfare, with attackers prioritizing long-term persistence over immediate payoffs. This evolution underscores the need for continuous security validation as static defenses prove inadequate against stealthy, adaptive threats. The integration of cloud services into attack vectors further complicates enterprise security, demanding a reevaluation of perimeter and identity-based protections.
What we're watching
- Evasion Techniques: How the surge in stealth-driven techniques will challenge traditional detection and response mechanisms.
- Data Exfiltration: Whether the shift from encryption to silent data theft will force enterprises to rethink their security strategies.
- Cloud Security: The pace at which attackers will exploit high-reputation cloud services for command-and-control traffic.