In 2025, ransomware remains a relentless cyber threat, with attackers refining their strategies to maximize damage. Unlike earlier variants, modern ransomware combines advanced encryption with cunning infiltration methods, targeting organizations’ most valuable assets. Criminals demand steep cryptocurrency ransoms, leaving victims weighing financial ruin against data loss.
Austin Gomez at InfoSecDigest.com recently explored data on Ransomware.live which is a cybersecurity resource created by security researcher Julien Mosqueton. We examined several recent attacks, and identified a striking trend.
A clear shift has emerged: attackers now prioritize small and medium-sized enterprises (SMEs) over large corporations. For example, a regional accounting firm in Ohio, was hit in January 2025, losing decades of tax records after attackers exploited an unpatched server. Similarly, a family-owned manufacturer in Texas faced a “double extortion” attack in February, where hackers encrypted production systems and leaked client contracts online after the ransom went unpaid. Another case saw a rural school district in Montana crippled in March, with student records held hostage via malware delivered through a compromised third-party app.
These examples highlight the pivot to softer targets—SMEs often lack the dedicated IT teams or budgets of bigger firms. Attackers infiltrate via outdated software, weak passwords, or third-party vendors, then escalate using stolen data as leverage. This shift underscores the need for tailored defenses: SMEs must patch systems, train staff, and adopt AI-driven monitoring to survive this ruthless wave of ransomware.