Header Image of accompio

Ransomware situation in 2025 - findings from forensics and threat intelligence

Current tactics of LockBit 4.0, Akira, RansomHub & Co. and what our CERT's incident analyses reveal about them

When & Where

Tue, 10/07/2025, 11:30 - 11:45

Forum, Booth 7-742

Details

  • Format: Management lecture

  • Language: German

Session description

The ransomware threat will remain one of the most serious security risks in 2025. In the first half of the year, our CERT forensically investigated more than 50 incidents and evaluated several hundred more based on telemetry data. In this presentation, we summarize the key findings on LockBit 4.0 and Akira, as well as the emerging groups RansomHub, Ralord, Fog, and Lynx. Common characteristics include initial access via unpatched VPN and edge devices, lateral movement using legitimate admin tools, data exfiltration via DNS tunneling, and increasing "exfil-only" extortion without encryption. In addition, we examine new attack patterns such as MFA fatigue attacks and the misuse of backup appliances as pivot points. From these findings, we derive concrete defense measures – from consist ...