Acronis
December 31, 2025

Acronis Cyberthreats Update, December 2025

Authors: Acronis Threat Research Unit, Alexander Ivanyuk

Author: Alexander Ivanyuk — Senior Director, Technology

The Acronis Cyberthreats Update covers current cyberthreat activity and trends, as observed by Acronis Threat Research Unit (TRU) and Acronis sensors. Figures presented here were gathered in November 2025 and reflect threats that Acronis detected, as well as news stories from the public domain. This report represents a global outlook and is based on more than one million unique endpoints distributed around the world.

Incident of the month

In November 2025, one of the most consequential cybersecurity incidents of the year unfolded when a ransomware attack crippled the CodeRED emergency notification system operated by OnSolve, a company later acquired by Crisis24. CodeRED is widely used by local governments, municipalities and public safety agencies across the United States to distribute critical alerts, including severe weather warnings, evacuation notices and emergency instructions. The attack drew immediate national attention because it directly affected public safety infrastructure rather than a single corporation or industry.

The attackers gained unauthorized access to CodeRED’s legacy systems, encrypting critical components and disrupting the service’s ability to function. As a result, numerous cities and counties temporarily lost the ability to send automated emergency alerts to residents. In some cases, authorities were forced to rely on alternative communication methods, such as social media, local broadcasters or manual notification processes, raising concerns about delayed or missed warnings during emergencies.

November web threat detections

In November, Acronis Cyber Protect blocked almost 25 million dangerous URLs on endpoints.

The tables below show the percentage of Acronis clients that had at least one web-based threat blocked at the endpoint, as well as the normalized percentage of clients with at least one web-based threat detection. The higher the percentage, the higher the risk of a workload in that country being attacked by malware.

Protection

The aforementioned threats can be detected and mitigated with solutions from Acronis.

Acronis Cyber Protect Cloud protects against both known and never-before-seen threats through a multilayered protection approach. This includes behaviour-based detection, AI- and ML-trained detections and anti-ransomware heuristics, which can detect and block encryption attempts and roll back any tampered files automatically without any user interaction.

Additional email security and URL filtering can help you protect against social engineering threats. Your Acronis #CyberFit score helps you quickly identify systems that need attention, while integrated patch management makes updating your software to the latest versions simple.

Acronis XDR for Acronis Cyber Protect Cloud brings the visibility needed to understand attacks while simplifying the context for administrators and enabling efficient remediation of any threats.