Global organizations are increasingly under siege from AI-enhanced cybercrime, with record levels of ransomware incidents and a notable rise in phishing attacks, underscoring the urgent need for robust cyber defenses. Acronis, a leader in cybersecurity and data protection, released its biannual report, the “Acronis Cyberthreats Report H2 2025: From exploits to malicious AI,” on February 18, 2026. The analysis is based on data collected by the Acronis Threat Research Unit (TRU) and sensors across the globe, focusing on trends observed throughout 2025.
The report reveals a consistent escalation in cyberattacks, with email-based threats rising by 16% per organization and 20% per user year-over-year. Phishing remained the predominant entry point for attacks, accounting for 52% of incidents targeting managed service providers (MSPs). Moreover, advanced attacks on collaboration platforms surged dramatically, increasing from 12% in 2024 to 31% in 2025. This shift indicates a troubling trend toward exploiting high-impact secondary channels.
Notable cybersecurity trends in 2025 included a significant rise in the abuse of legitimate tools, particularly PowerShell, which emerged as the most exploited tool globally, especially in Germany, the U.S., and Brazil. Phishing attacks reached alarming levels, constituting 83% of all email threats in the latter half of 2025. Meanwhile, all disclosed vulnerabilities related to MSP platforms were rated as High or Critical, highlighting systemic risks despite the relatively low number of such vulnerabilities. Furthermore, cybercriminals began operationalizing AI in their attack workflows, utilizing it for reconnaissance, ransomware negotiations, and social engineering tactics.
The geographical distribution of cyber incidents showed that India, the U.S., and the Netherlands were hotspots for mass infections and lateral movement, while South Korea reported the highest malware impact, with 12% of users affected. The manufacturing, technology, and healthcare sectors were particularly vulnerable to ransomware attacks, driven by pressure for uptime and complex operational environments.
The integration of AI into cybercrime marked a pivotal development in 2025. Threat actors harnessed AI to scale their operations, automate reconnaissance, and refine extortion methods. For example, the group GLOBAL GROUP utilized AI-driven systems to streamline ransomware negotiations across multiple victims, while GTG-2002 employed AI-assisted reconnaissance and data exfiltration techniques to enhance their impact. Even social engineering tactics evolved; virtual kidnapping scams utilized AI to produce convincing “proof of life” images, heightening psychological pressure on victims. These advancements highlight a new era of cybercrime characterized by increased speed, sophistication, and scale, thereby challenging traditional defense mechanisms.
“As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware but are leveraging AI to act faster, more efficiently, and at greater scale,” stated Gerald Beuchelt, CISO at Acronis. He emphasized that the cybersecurity landscape is entering a new era, requiring organizations to anticipate threats, automate defenses, and create resilient systems capable of withstanding both conventional and AI-driven attacks.
Ransomware remained a dominant threat, with nearly 150 MSP and telecom organizations directly targeted and over 7,600 victims publicly disclosed worldwide. The most active ransomware groups included Qilin, which affected 962 victims; Akira, with 726 victims; and Cl0p, impacting 517. The United States bore the brunt of these attacks, recording the highest number of victims at 3,243. The emergence of new ransomware groups, such as Sinobi, TheGentlemen, and CoinbaseCartel, in the latter half of 2025 further complicated the security landscape.
Attacks targeting supply chains and MSPs remained a critical concern, as threat actors exploited remote monitoring and management tools like AnyDesk and TeamViewer, affecting over 1,200 third-party and supply chain victims. The U.S. experienced the highest exposure in these attacks, tallying 574 victims. Akira and Cl0p were the primary actors behind these incidents, underscoring the ongoing risks faced by MSPs and their clients.
To explore the full findings of the report, interested parties can visit the Acronis blog and download the complete “Acronis H2 2025 Cyberthreats Report” for more detailed insights.