The main cyber threats of 2025 have been named

In 2025, ransomware will remain among the main cyber threats to Russian companies. This is stated in the F6 analytical report "Cyber Threats in Russia and the CIS. Analytics and Forecasts 2024/25". "Izvestia" got acquainted with the experts' data on February 19.

During 2024, experts have recorded more than 500 attacks with the use of encryptors in Russia: an increase of almost one and a half times compared to the indicator of 2023. The amount of the initial ransom for decrypting data last year for small businesses ranged from 100 thousand to 5 million rubles, and for large and medium-sized companies, which account for every fifth attack of extortionists, the criminals' requests started from 5 million rubles.

The most frequent victims of extortionists were Russian manufacturing, construction, pharmaceutical and IT companies, mining, military-industrial complex, and service organizations.

Experts noted that personal data remains one of the main targets of extortionists: attackers first steal sensitive information and only then encrypt the victim's infrastructure.

Confuse the Networks: software failures at the end of the year were most frequently recorded in retail and logistics

Difficulties arise from the departure of software vendors and increased attacks, experts say

"In total, 455 databases of companies from Russia and Belarus that had not been previously published were discovered in the 12 months of last year (there were 246 in 2023). The number of rows in the leaks exceeded 457 million. The scale of database theft and publication in 2025 is predicted to remain at the current high level or even set a new anti-leak record. Additional risks are that in addition to publication in the public domain, attackers will use this data for subsequent cascading attacks on major players in the commercial and public sectors," experts said.

It is predicted that the number of phishing attacks using spyware will continue to grow this year, following the Malware-as-a-Service model. Experts specified that in 2024 malicious phishing emails remained one of the most popular vectors of penetration into the target infrastructure. The vast majority of these emails delivered malware (malware) in attachments, which are the least costly way for attackers to deliver payloads.

"Spyware and infostealers are the most popular malware in phishing emails, ranging from 70 to 80 percent of all malware families involved in phishing emails during 2024," the company's report elaborates.

In 2025, according to experts' forecasts, the number of Supply Chain attacks and Trusted Relationship attacks is also expected to increase. During the latter, hackers can obtain and use legitimate accounts to enter the corporate networks of vendor clients. Suppliers can be IT integrators, software developers and other companies.

Earlier, on January 13, it was reported that in Russia, 65% of the analyzed companies have a low level of security. Attacks on them can cause critical damage, lead to the interruption of key business processes and financial losses. This is stated in the results of a study by the information security company Bastion.