96 percent of ransomware cases included data theft

New research reveals evolving threat tactics, the rising role of business email compromise, and the importance of proactive security measures.

  • Thursday, 27th February 2025 Posted 1 month ago in by Phil Alsop

Arctic Wolf has released its annual Arctic Wolf Threat Report, offering an in-depth analysis of the evolving cyber threat landscape. This year’s findings underscore how cybercriminals are adapting their methods to bypass stronger security defences—prioritising data theft, refining business email compromise (BEC) scams, and exploiting known vulnerabilities to infiltrate organisations worldwide.

Leveraging insights from Arctic Wolf’s incident response (IR) engagements, threat intelligence research, and telemetry from the Arctic Wolf Aurora Platform, the report provides a detailed examination of the tactics, techniques, and procedures (TTPs) attackers are using to out-manoeuvre traditional defences. It also offers actionable recommendations for organisations looking to enhance their cybersecurity resilience, taking advantage of the report’s description of the current threat landscape.

“The 2025 Arctic Wolf Threat Report highlights a critical shift in cybercriminal behaviour: data exfiltration has become the norm, not the exception,” said Kerri Shafer-Page, vice president of incident response, Arctic Wolf. “Threat actors are no longer just locking up data with ransomware; they’re stealing it first to maximise pressure on victims. The insights help organisations understand the risks they face today and shape the advanced detection and response strategies embedded within the Arctic Wolf Aurora Platform to keep our customers secure.”

Key findings from the 2025 Arctic Wolf Threat Report include:

• Steal first, extort second. As organisations improve their ability to recover from ransomware, cybercriminals have turned to data exfiltration to increase leverage—96% of ransomware cases analysed included data theft.

• The cybercrime trifecta. Three types of cybersecurity incidents account for 95% of all incident response (IR) cases: ransomware 44%, business email compromise (BEC) 27%, and intrusions 24%.

• Threat actors follow the money. BEC continues to grow as a preferred tactic, particularly in the finance and insurance sector, where it accounted for 53% of IR cases—making it the only industry where BEC outpaced ransomware.

• Patch or pay. In 76% of intrusion cases, attackers exploited just 10 specific vulnerabilities—none of which were zero-days, and most linked to remote access tools and externally facing services. This reinforces the need for proactive patch management.

• Ransomware’s price tag: $600K. Median ransom demands remain high at $600,000 USD, demonstrating that ransomware remains a lucrative business for cybercriminals despite increased law enforcement action.

• Never split the difference. The Arctic Wolf Incident Response Team helped reduce aggregate ransom demands by 64%, and 70% of clients using Arctic Wolf’s negotiation services avoided paying ransoms altogether.

The 2025 Arctic Wolf Threat Report brings together Arctic Wolf’s top security minds—from incident responders and researchers to data scientists and engineers—to provide a comprehensive analysis of today’s evolving cyber threat landscape. This essential resource helps security, IT, and business leaders anticipate threats, strengthen defences, and stay ahead of adversaries. Powered by insights from the Arctic Wolf Aurora Platform and backed by security operations expertise from one of the world’s largest commercial Security Operations Centres (SOCs), Arctic Wolf delivers the intelligence and defence organisations need to proactively detect, respond to, and remediate cyber threats.

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 4 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.