Malwarebytes today released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year's most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them.
"Our research shows that ransomware will continue to be a potent threat to businesses this year," said Marcin Kleczynski, Founder and CEO, Malwarebytes. "The shift from large ransomware groups to smaller, unpredictable threat actors, combined with the increasing role of AI, means businesses must increase their cybersecurity vigilance and make holistic endpoint security a priority."
Businesses Need to be Prepared for AI-Powered Ransomware Attacks
Emerging agentic AI models—which can reason, plan, and act autonomously—will further revolutionize cybercriminal tactics, making attacks more scalable and efficient in 2025. Just as businesses are beginning to explore AI for productivity and security, cybercriminals are leveraging it to improve phishing campaigns, evade detection, and fine-tune attacks. This marks a turning point: the arms race between AI-powered attackers and AI-enhanced cybersecurity tools is rapidly escalating, forcing businesses to rethink traditional defense strategies. With AI rapidly evolving, security teams must integrate AI-driven threat detection and response to keep up and counteract the increasing speed and sophistication of AI-driven cyberattacks.
Bigger Ransoms Paid, More Types of Businesses Attacked
Known ransomware attacks increased by 13% year-over-year, despite two of the most prominent ransomware groups, LockBit and ALPHV, losing their supremacy. This can be attributed to the rise of smaller, less well-known "dark horse" ransomware gangs posing threats to small and medium-sized businesses. Additionally, 2024 saw the largest known ransomware payment ever recorded when an unknown victim paid $75 million into a crypto wallet.
"If 2024 has taught us anything, it's that ransomware purveyors aren't resting on their laurels," said Lee Wei, SVP, Customer & Product, Corporate Unit at Malwarebytes. "The full attack cycle has gone from weeks to hours and, in some cases, minutes. Organizations need eyes on their endpoints 24/7 to stay on top of threats, and that often means deploying managed services, like Managed Detection and Response (MDR), that can assist teams in filling the gaps."
To read the full report, visit http://threatdown.com/2025-State-of-Malware.
