
Ransomware situation in 2025 - findings from forensics and threat intelligence
Current tactics of LockBit 4.0, Akira, RansomHub & Co. and what our CERT's incident analyses reveal about them
Details
Format: Management lecture
Language: German
Session description
The ransomware threat will remain one of the most serious security risks in 2025. In the first half of the year, our CERT forensically investigated more than 50 incidents and evaluated several hundred more based on telemetry data. In this presentation, we summarize the key findings on LockBit 4.0 and Akira, as well as the emerging groups RansomHub, Ralord, Fog, and Lynx. Common characteristics include initial access via unpatched VPN and edge devices, lateral movement using legitimate admin tools, data exfiltration via DNS tunneling, and increasing "exfil-only" extortion without encryption. In addition, we examine new attack patterns such as MFA fatigue attacks and the misuse of backup appliances as pivot points. From these findings, we derive concrete defense measures – from consist ...