Acronis H2 2025 Cyberthreats Report: Cyberattacks Surge as Phishing, Ransomware, and AI-Driven Threats Escalate

Global organizations face AI-enhanced cybercrime, record ransomware incidents, and an uptick in phishing attacks, highlighting the need for strong cyber defenses

SCHAFFHAUSEN, Switzerland, Feb. 18, 2026 (GLOBE NEWSWIRE) -- Acronis, a global leader in cybersecurity and data protection, released its biannual report, “Acronis Cyberthreats Report H2 2025: From exploits to malicious AI”, analyzing global threat activity based on telemetry collected by the Acronis Threat Research Unit (TRU) and Acronis sensors. The report highlights key trends observed throughout 2025, with a focus on the second half of the year.

The findings reveal a continued surge in cyberattacks. Email-based attacks increased 16% per organization and 20% per user year-over-year, while phishing remained the leading entry point, responsible for 52% of attacks targeting managed service providers (MSPs). Advanced attacks on collaboration platforms jumped from 12% in 2024 to 31% in 2025, signaling a shift toward high-impact secondary attack channels.

Key cybersecurity trends in 2025 include:

• PowerShell abuse dominates: The most abused legitimate tool globally, particularly in Germany, the U.S., and Brazil.
• Phishing remains rampant: In H2 2025, phishing accounted for 83% of all email threats.
• High-risk MSP vulnerabilities: All MSP-platform CVEs disclosed in 2025 were rated High or Critical, despite overall low numbers.
• AI goes operational: Cybercriminals increasingly integrated AI into day-to-day attack workflows, including reconnaissance, ransomware negotiation, and social engineering.
• Geographic hotspots: India, the U.S., and the Netherlands saw the highest mass infection and lateral movement rates, while South Korea was the most malware-affected country, with 12% of users impacted.
• Sector pressure points: Manufacturing, technology, and healthcare were the top ransomware targets due to uptime pressure and complex, distributed environments.

2025 also saw a dramatic rise in AI-assisted cybercrime. Threat actors leveraged AI to scale attacks, automate reconnaissance, and optimize extortion strategies. For example, GLOBAL GROUP used AI-driven systems to manage ransomware negotiations efficiently across multiple victims, while GTG-2002 employed AI-assisted reconnaissance and data exfiltration to maximize impact. Even social-engineering attacks evolved: virtual kidnapping scams used AI to generate convincing “proof of life” images, deceiving victims and amplifying psychological pressure. These innovations highlight a new era of cybercrime, where speed, sophistication, and scale challenge traditional defenses.

“As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware, but are leveraging AI to act faster, more efficiently, and at greater scale,” said Gerald Beuchelt, CISO at Acronis. “Attackers are increasingly integrating AI into their operations, so the cybersecurity landscape is entering a new era. This shift requires organizations to anticipate threats, automate defenses, and build resilient systems capable of withstanding both traditional and AI-driven attacks.”

Ransomware continued to dominate the threat landscape. Nearly 150 MSP and telecom organizations were directly targeted, while over 7,600 victims were publicly disclosed globally. The most active ransomware groups included Qilin (962 victims), Akira (726), and Cl0p (517). Manufacturing, technology, and healthcare sectors were disproportionately affected, with the United States recording the highest number of victims at 3,243. New ransomware groups also emerged in H2 2025, including Sinobi, TheGentlemen, and CoinbaseCartel.

Supply chain and MSP-targeted attacks remain a significant concern. Attackers exploited RMM tools such as AnyDesk and TeamViewer, impacting over 1,200 third-party and supply chain victims, with the U.S. seeing the greatest exposure at 574 victims. Akira and Cl0p were the dominant actors in these attacks, underscoring the persistent risk to MSPs and their clients.

To learn more about the report and its findings, visit the Acronis blog here: https://www.acronis.com/en/blog/posts/acronis-cyberthreats-report-h2-2025-cybercriminals-are-now-scaling-attacks-with-ai

For more information, download a copy of the full Acronis H2 2025 Cyberthreats Report here: https://www.acronis.com/en/resource-center/resource/acronis-cyberthreats-report-h2-2025

About Acronis:
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments.

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com.

Acronis Press Contact:
Julia Carfagno
Senior Global Communications Manager
Julia.Carfagno@acronis.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/d810206d-1a25-4f15-a968-cfd51b812f09