By Ransomware may not dominate headlines daily, but it’s more dangerous than ever. Akamai’s Ransomware Report 2025 reveals a 37% global increase, with attackers weaponizing AI, expanding into DDoS, and using compliance as leverage. Advisory CISO Steve Winterfeld calls ransomware a “business killer”—a type of attack that can take a company offline for weeks, often beyond recovery.
A Threat That Evolves with Technology
📹 Going on record for 2026? We're recording the TFiR Prediction Series through mid-February. If you have a bold take on where AI Infrastructure, Cloud Native, or Enterprise IT is heading—we want to hear it. [Reserve your slot
Criminal groups are no longer just encrypting data. Some now specialize in DDoS attacks or pressure victims by alerting customers directly. “We continue to see more criminals going to AI,” Winterfeld explained, noting groups already experimenting with large language models (LLMs) to improve ransomware campaigns.
The regional breakdown is stark: Asia-Pacific (APAC) leads with 51% of incidents, compared to Europe’s 27% and Latin America’s 29%. Industry also matters. Crypto miners, for example, are disproportionately targeting nonprofits and educational institutions, quietly draining compute resources for profit.
From Malware Families to Monetization Models
TrickBot earned a spotlight in the report after generating over $700 million in cryptocurrency extortions. Unlike some groups that avoid critical infrastructure, TrickBot deliberately targets it—knowing hospitals and utilities face maximum pressure to pay. Meanwhile, crypto miners pose a different challenge. They may not shut down a business outright, but by hijacking cycles across servers and clouds, they create lasting financial and operational burdens.
Building True Resilience
If ransomware is the business killer, what’s the antidote? Winterfeld stresses resilience built on fundamentals: “The earlier I catch ransomware, the less impact. If seven systems are hit, that’s an incident. If the entire network goes down, I may be going out of business.” That requires validated backups, internal visibility to detect lateral movement, and adoption of zero trust.
He frames board conversations around risk prioritization as a “reverse lottery ticket”—small probability, catastrophic outcome. The decision isn’t about fear, but culture and investment. As Winterfeld put it, CISOs must turn research like this into both upward discussions with leadership and downward exercises for security teams, from tabletop validations to red team engagements.
Ultimately, ransomware isn’t going away. It’s adapting, borrowing from AI, and experimenting with monetization. For defenders, the playbook is clear: resilience, segmentation, and constant testing. Anything less risks becoming the next statistic in the ransomware economy.
