Cyber threat intelligence organization Flashpoint recently released its 2025 Ransomware Survival Guide. The ebook outlines the steps enterprises can take to manage and de-escalate ransomware activities.
According to Flashpoint, the guide was aimed at equipping Cyber Threat Intelligence (CTI) professionals, threat hunters, and security leaders with actionable knowledge and insights to more effectively anticipate, prevent, and respond to the evolving ransomware threat landscape.
The report also highlighted many significant stats, including the identification of over 4,700 ransomware attacks in 2024, with 53 percent targeting U.S. companies. There were 98 million credentials exposed by infostealers such as RedLine and META. Additionally, 36 percent of vulnerabilities had known exploits, including CVE-2024-3094. These key statistics underscore the importance of proper threat intelligence and actionable knowledge.
Key components of the report
Among other things, the guide takes an in-depth look at the role of infostealers, vulnerability exploits, and other attack vectors in facilitating ransomware attacks. The aim is to give organizations a deeper understanding of how seemingly disparate threats converge to create a complex and challenging environment for defenders.
The guide also looks at the evolving tactics used by ransomware threat actors and at strategies for effective incident response. Enterprises need to stay ahead of threat actors by decoding their techniques, tactics, and procedures (TTPs), and to learn how to effectively manage a ransomware attack, minimize the impact, and accelerate recovery.
Additionally, the guide explores methods to mitigate the risks of re-attacks and the best practices for fostering cross-team collaboration. Organizations can utilize this guide to develop strategies to reduce exposure to repeat attacks and build long-term resilience, in addition to enhancing communication and coordination between security teams to create a unified defense against ransomware.
Ransomware-as-a-Service driving surge in threats
The 2025 Ransomware Survival Guide is backed by Flashpoint’s 2024 Global Threat Intelligence Report, which found that there was a 429 percent increase in stolen data in early 2024 and identified an 84 percent increase in the number of ransomware attacks between 2022 and 2023. These increases were in part fueled by the growing accessibility of Ransomware-as-a-Service (RaaS).
RaaS, along with Malware-as-a-Service (MaaS), has “created a force-multiplier effect that has greatly lowered the barrier to entry, allowing unsophisticated attackers to leverage these complex tools as long as they can afford an illicit subscription.”
These business models, adopted by cybercriminals, give threat actors access to code, code updates, and customer support tools or other tools, including keyloggers, cryptocurrency miners, and botnets.
The top three RaaS groups, LockBit, RansomHub, and Play, are responsible for 32 percent of 2024’s reported ransomware attacks.
Flashpoint’s ransomware defense
Flashpoint offers a holistic approach to ransomware defense through the combination of proactive threat intelligence, organizational readiness, and real-time incident response services. Flashpoint’s approach allows teams to be equipped for attack prevention, swift incident response, and quick recovery with minimal disruption.
Through Flashpoint’s Threat Response and Readiness (TR2), organizations are provided with the expertise and resources needed to navigate the complexities of a ransomware incident. Flashpoint says that when it is combined with its suite of CTI and Vulnerability Intelligence solutions, business leaders and security teams can gain access to a complete ransomware solution that encompasses the following:
- Ransomware prevention through proactive threat intelligence, vulnerability management, compromised credential monitoring, and other preventative measures.
- Ransomware response with expert threat actor engagement, incident response support, and recovery services.
- Ransomware training and compliance through tailored training programs, tabletop exercises, and cyber extortion playbook reviews to ensure readiness and meet compliance requirements.
In addition to utilizing the right service, Flashpoint recommends that security and IT teams secure previously and potentially compromised accounts by forcing password changes, re-establishing multifactor authentication, and removing any unneeded privileged access. Further, creating a formal response plan, if one has not been previously established, is essential to securing your organization.