Cybercriminals escalate ransomware tactics with deception, collaboration: Report

Palo Alto Networks has released its Unit 42 Extortion and Ransomware Trends Report (Jan–Mar 2025), revealing a disturbing rise in threat actor collaboration, false extortion tactics, and more aggressive ransomware methods. 

The global cybersecurity company said attackers are evolving quickly—eschewing traditional encryption for manipulation, insider threats, and disabling security tools.

Organizations in Asia-Pacific and Japan are detecting intrusions earlier in the attack lifecycle, with many halting threats before attackers can carry out their objectives. But while proactive detection has improved, the frequency and impact of ransomware and extortion campaigns remain high.

“Attackers are shifting from traditional tactics to more manipulative methods including false claims, insider access, and tools that disable security controls,” said Philippa Cogswell, Vice President and Managing Partner of Unit 42 for Asia-Pacific and Japan. “It’s critical for organizations to move beyond reactive defenses and invest in strategies that provide full visibility and rapid response.”

In the Philippines, ransomware continues to disrupt both public and private sectors, often halting critical operations until data is restored or ransoms are paid. The country faces millions of cyber threats daily, highlighting the need for stronger security collaboration and AI-enabled detection tools. The National Cybersecurity Plan 2023–2028 prioritizes protecting critical infrastructure, emphasizing ransomware readiness and incident response.

Key findings from the Unit 42 report include:

Deceptive extortion on the rise: Fake data, false claims, and even physical ransom notes sent to executives’ homes were used to pressure victims.

Manufacturing is still the top target, followed by wholesale/retail and legal services.

Top target regions include the U.S., Canada, U.K., and Germany.

Cloud and endpoint security are under siege, with attackers increasingly disabling security tools using “EDR killers.”

Insider threat extortion is growing: North Korean operatives using AI-generated identities posed as IT contractors and exfiltrated proprietary code.

RansomHub is the most active ransomware variant, surging since mid-2024.

To read the full report, visit: unit42.paloaltonetworks.com/2025-ransomware-extortion-trends
