The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time.
Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. It includes a deep dive into ransom demands and ransom payments, and shines new light on the role of law enforcement in ransomware remediation.
Read more…
Source: Sophos
Related:
- DeadLock Ransomware: Smart Contracts for Malicious Purposes
January 15, 2026
DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of ...
- Paris releases Russian athlete accused by Washington of hacking attempts
January 10, 2026
Authorities in France have released a Russian national accused by the United States of participating in hacking attacks on companies for ransom in cryptocurrency. The man has been exchanged for a French citizen held in Russian custody, instead of being handed over to the U.S. The swap has been compared to the Griner case. Daniil Kasatkin, a ...
- U.S. DOJ: Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
December 30, 2025
Yesterday, a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ransomware attacks occurring in 2023. “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime ...
- U.S. DOJ: Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
December 19, 2025
Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks. Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, ...
- CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
December 19, 2025
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...
- From Linear to Complex: An Upgrade in RansomHouse Encryption
December 17, 2025
RansomHouse is a ransomware-as-a-service (RaaS) operation run by a group that we track as Jolly Scorpius. Recent samples of the associated binaries used in RansomHouse operations reveal a significant upgrade in encryption. This article explores the upgrade of RansomHouse encryption and the potential impact for defenders. Jolly Scorpius uses a double extortion strategy. This strategy combines ...