Global organizations face AI-enhanced cybercrime, record ransomware incidents, and an uptick in phishing attacks, highlighting the need for strong cyber defenses
SCHAFFHAUSEN, Switzerland – February 18, 2026 – Acronis, a global leader in cybersecurity and data protection, released its biannual report, “Acronis Cyberthreats Report H2 2025: From exploits to malicious AI”, analyzing global threat activity based on telemetry collected by the Acronis Threat Research Unit (TRU) and Acronis sensors. The report highlights key trends observed throughout 2025, with a focus on the second half of the year.
The findings reveal a continued surge in cyberattacks.
Email-based attacks increased 16% per organization and 20% per user
year-over-year, while phishing remained the leading entry point, responsible
for 52% of attacks targeting managed service providers (MSPs). Advanced attacks
on collaboration platforms jumped from 12% in 2024 to 31% in 2025, signaling a
shift toward high-impact secondary attack channels.

Key cybersecurity trends in 2025 include:
- PowerShell abuse dominates: The most abused legitimate tool globally, particularly in Germany, the U.S., and Brazil.
- Phishing remains rampant: In H2 2025, phishing accounted for 83% of all email threats.
- High-risk MSP vulnerabilities: All MSP-platform CVEs disclosed in 2025 were rated High or Critical, despite overall low numbers.
- AI goes operational: Cybercriminals increasingly integrated AI into day-to-day attack workflows, including reconnaissance, ransomware negotiation, and social engineering.
- Geographic hotspots: India, the U.S., and the Netherlands saw the highest mass infection and lateral movement rates, while South Korea was the most malware-affected country, with 12% of users impacted.
- Sector pressure points: Manufacturing, technology, and healthcare were the top ransomware targets due to uptime pressure and complex, distributed environments.
2025 also saw a dramatic rise in AI-assisted cybercrime.
Threat actors leveraged AI to scale attacks, automate reconnaissance, and
optimize extortion strategies. For example, GLOBAL GROUP used AI-driven systems
to manage ransomware negotiations efficiently across multiple victims, while
GTG-2002 employed AI-assisted reconnaissance and data exfiltration to maximize
impact. Even social-engineering attacks evolved: virtual kidnapping scams used
AI to generate convincing “proof of life” images, deceiving victims and
amplifying psychological pressure. These innovations highlight a new era of
cybercrime, where speed, sophistication, and scale challenge traditional
defenses.
“As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only
scaling traditional methods like phishing and ransomware, but are leveraging AI
to act faster, more efficiently, and at greater scale,” said Gerald Beuchelt,
CISO at Acronis. “Attackers are increasingly integrating AI into their
operations, so the cybersecurity landscape is entering a new era. This shift
requires organizations to anticipate threats, automate defenses, and build
resilient systems capable of withstanding both traditional and AI-driven
attacks.”
Ransomware continued to dominate the threat landscape.
Nearly 150 MSP and telecom organizations were directly targeted, while over
7,600 victims were publicly disclosed globally. The most active ransomware
groups included Qilin (962 victims), Akira (726), and Cl0p (517).
Manufacturing, technology, and healthcare sectors were disproportionately
affected, with the United States recording the highest number of victims at
3,243. New ransomware groups also emerged in H2 2025, including Sinobi,
TheGentlemen, and CoinbaseCartel.
Supply chain and MSP-targeted attacks remain a significant concern.
Attackers exploited RMM tools such as AnyDesk and
TeamViewer, impacting over 1,200 third-party and supply chain victims, with the
U.S. seeing the greatest exposure at 574 victims. Akira and Cl0p were the
dominant actors in these attacks, underscoring the persistent risk to MSPs and
their clients.
To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en/blog/posts/acronis-cyberthreats-report-h2-2025-cybercriminals-are-now-scaling-attacks-with-ai
For more information, download a copy of the full Acronis H2 2025 Cyberthreats Report here: https://www.acronis.com/en/resource-center/resource/acronis-cyberthreats-report-h2-2025
About Acronis:
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com.