Ransomware and Cyber Extortion in Q2 2025

Q2 2025 ransomware landscape: Emerging RaaS actors Qilin and Akira surged by leveraging mass exploitation of critical CVEs (e.g., FortiOS/FortiProxy, SonicWall, Cleo) and automation to rapidly compromise organizations and post victims to data-leak sites; the report details victimology (US-heavy, rising German targeting), exploited CVEs, attacker tactics (credential theft, RMM and SSH misuse, automated discovery), operational trends (affiliate models, site defacements), and prescribes actionable defenses including asset discovery, prioritized patching, MFA, RMM minimization, and network segmentation.