Ransomware: Tactical Evolution Fuels Extortion Epidemic

The Symantec Threat Hunter Team reports record-high extortion activity in 2025 driven by a rise in encryptionless data-theft extortion (notably campaigns by Snakefly/Cl0p and ShinyHunters) alongside sustained ransomware operations; a critical Oracle E-Business Suite zero-day (CVE-2025-61882) was actively exploited, LockBit and RansomHub collapsed leading to growth of Akira, Qilin, Safepay and DragonForce, and attackers increasingly rely on living-off-the-land and dual‑use remote-access tools for lateral movement and exfiltration — mitigation guidance is provided via the Symantec Protection Bulletin.