Ransomware groups are growing bolder, and attacks are at record highs. Businesses now need threat intelligence to boost traditional cybersecurity defenses.
In the world of cybercrime, ransomware has become a synonym for “easy money.” Security researchers discover new gangs, tools, and victims regularly, as cybercriminals increasingly shift toward a ransomware-as-a-service model and more opportunistic attacks.
Given this new reality, businesses need to implement threat intelligence that specifically focuses on this sphere of criminal activity, so their IT teams can keep up with the latest trends to avoid nasty surprises.
ESET aims to deliver this advantage through its ESET Threat Intelligence service by introducing its brand‑new eCrime Reports. These reports are designed to arm law enforcement, IT, and security teams with the information they need to defend businesses against ongoing malicious campaigns, with a primary focus on ransomware and infostealers.
While ESET has for years covered notorious state-sponsored Advanced Persistent Threats (APTs) targeting high-profile businesses and critical infrastructure, the new ESET eCrime Reports shift the focus to the expanding area of financially motivated cybercriminal groups, which are not picky about the size or home region of their targets. To keep this kind of threat intelligence as practical as possible, the ESET eCrime Reports provide real-world attack scenarios and insight into TTPs, and add IoCs, hunting rules, and guidance to maximize defense effectiveness.
Key points of this article:
- Ransomware attacks are surging in number, as this type of malware is more readily available while also getting more sophisticated.
- In such a dynamic and fast‑evolving threat landscape, businesses need threat intelligence to stay ahead of the latest techniques ransomware groups deploy.
- ESET steps in with its brand-new eCrime Reports, combining in-depth insights with a continuous stream of relevant threat‑intelligence data.
Amassing numbers
When it comes to the threat landscape, things are going from bad to worse for businesses. Ransomware has effectively become a service for anyone willing to pay, enabling even less‑skilled cybercriminals to launch large‑scale malicious campaigns. To make matters worse, AI has lowered the barrier to entry even further – coding is now both easier and faster, and the human capital required to operate these campaigns has significantly decreased.
Despite notable progress by law enforcement and the private sector in disrupting active ransomware operations, the ransomware landscape remains very challenging, with new gangs emerging and affiliates moving to other operators. Notably, in 2025, ESET researchers saw increased rivalry, with competing gangs even attacking each other.
A similar surge is visible among infostealers, which often serve as the initial access vector in campaigns that later escalate into ransomware incidents.
Available data confirms the trend:
- ESET analysis of data leak sites indicates a 50% year-on-year increase in ransomware attacks.
- Verizon’s 2025 Data Breach Investigations Report shows a year-on-year increase of more than one-third (from 32% to 44%) in ransomware attacks.
- The Verizon report notes that the median ransom payment has decreased from $150,000 in 2024 to $115,000 in 2025. The contributing factor may be the shift toward targeting smaller businesses – 88% of breached SMBs found ransomware in their systems.
- Infostealers play an important role: Data from ransomware extortion sites show that 54% of victims had their domains appear in at least one infostealer log or in illicit marketplace postings, according to the same report.
The increased availability of ransomware certainly doesn’t make it less dangerous. Criminal groups continue to develop new tools like EDR killers that exploit vulnerable drivers to disable security solutions. They also rapidly adopt new techniques observed in other threats, such as ClickFix, a social‑engineering method that displays a fake error message to trick victims into copy‑pasting and executing malicious commands on their devices.
Why threat intelligence is important
Facing today’s highly dynamic ransomware landscape, businesses can no longer rely on passive cybersecurity tools such as simple endpoint protection products. To deal with evolving threats, businesses need proactive, multilayered defense that includes high‑quality threat intelligence.
For example, ransomware attacks are often complex, multistage intrusions. Cybercriminals begin with reconnaissance, carefully monitoring the targeted organization. They then deploy malware to compromise the environment and only later encrypt data and demand a ransom. This entire process may unfold slowly over several weeks in order to avoid detection.
Naturally, malware operators also monitor the performance of their campaigns and improve their tools and tactics over time.
The infostealer ecosystem also benefits greatly from the Malware as a Service (MaaS) model, with various affiliates distributing infostealers, which increases the pressure on defenders. On top of that, dedicated marketplaces provide an extremely easy way to monetize stolen credentials.
ESET Threat Intelligence – global visibility backed by world‑class researchers
With its large number of users across different regions, ESET has true global visibility into real‑world incidents resolved by its solutions. This foundation enables the creation of curated, factually accurate, and in‑depth threat intelligence.
One example of this intelligence service in action is our award-winning research on the BlackLotus UEFI bootkit, the first publicly known UEFI bootkit to bypass an essential platform security feature, UEFI Secure Boot. In our research, ESET researcher Martin Smolár takes this malware apart piece by piece, covering its history, outlining the bypass process step by step, and offering guidance on how to defend against it.
ESET Threat Intelligence is backed by world‑class researchers and detection engineers who collaborate with leading cybersecurity institutions, including the FBI, the Joint Cyber Defense Collaborative at CISA, the NATO Cooperative Cyber Defence Centre of Excellence (organizer of the Locked Shields exercise), and Europol.
And these are the same guys who also contribute to your ESET Threat Intelligence feeds and reports.
What eCrime reports bring to the table
ESET eCrime Reports are the latest addition to the ESET Threat Intelligence portfolio, revealing the methods, infrastructure, and behaviors of today’s cybercriminal groups, particularly those behind ransomware, infostealers, and mass‑spread phishing campaigns.
These campaigns operate globally and at scale, threatening organizations of all sizes across nearly every region.
The goal of eCrime Reports is to give businesses clear, timely visibility into real‑world attacks, including the IoCs involved, along with lessons learned and actionable guidance that security teams can immediately apply to strengthen resilience.
The Advanced tier also includes access to the ESET AI Advisor for faster insight digestion and an integration-ready connection to the ESET MISP server.
The main benefits of ESET eCrime Reports:
- Full overview of recent ransomware and infostealer campaigns that go beyond isolated indicators
- In-depth analyses covering attack patterns, progression, IoCs, tactics, tooling, infrastructure mapping, and MITRE ATT&CK® coverage
- Actionable defensive guidance involving lessons learned and expert recommendations
- Monthly updates detailing ongoing ransomware and infostealer activity, key trends, major incidents, and emerging threats
- The eCrime Feed, a continuously updated stream of curated IoCs focused on ransomware gangs, affiliates, and infostealer campaigns
- ESET AI Advisor, AI-driven support that leverages insights from eCrime Reports to deliver fast, context-aware answers to threat-related questions
- Access to the ESET MISP server, providing direct integration with curated threat intelligence data, enabling security teams to automate ingestion of IoCs
- Support for compliance, helping organizations meet regulatory and industry requirements
Thanks to ESET eCrime Reports, businesses can preemptively identify plausible threats, discover and fix misconfigurations or security gaps, prioritize threats when facing alert, update, or patch fatigue, and make strategic decisions.
Don’t get surprised anymore
Ransomware groups have grown bold, continuously refining their tools while driving attack volumes to record highs. In such a highly dynamic threat landscape, businesses need a steady stream of intelligence to anticipate what ransomware gangs will attempt next.
ESET eCrime Reports help prevent breaches and strengthen resilience by giving organizations deep visibility into the cybercrime ecosystem and the latest threats.
Frequently Asked Questions:
Why are ransomware and infostealer attacks increasing so rapidly?
Ransomware has evolved into an accessible service model, allowing even low‑skilled criminals to launch large‑scale attacks. AI has further lowered the barrier to entry by simplifying coding and automation.
What makes today’s ransomware campaigns more dangerous than before?
Modern campaigns are sophisticated, multistage operations. During ransomware intrusions, legitimate tools are often abused via living off the land (LOTL) techniques, making detection more difficult. At the same time, the ransomware ecosystem is more accessible, with tens of gangs coexisting, each with its own affiliates. They continuously adapt their techniques, use advanced tooling like EDR killers, and rapidly adopt new methods of compromise.
Why do businesses need threat intelligence in addition to traditional cybersecurity tools?
Traditional, passive tools like simple antivirus cannot keep up with fast‑evolving cyber threats and do not cover all threat vectors. Threat intelligence provides insights into real‑world attacks, tactics, and indicators of compromise, enabling businesses to detect threats earlier, respond faster, and anticipate what cybercriminals are likely to attempt next.
What makes ESET’s threat intelligence unique?
ESET’s intelligence is powered by advanced detection technologies and a global team of renowned researchers. They monitor active attacks, analyze deployed malware, and collaborate with organizations such as NATO, FBI, Europol, and CISA. This real‑world visibility allows ESET to uncover groundbreaking threats and feed high‑quality insights into its intelligence products.
What do ESET eCrime Reports offer to help businesses stay ahead of cybercriminals?
ESET eCrime Reports provide deep visibility into ransomware, infostealer, and phishing operations. Businesses receive analyses of attack patterns, IoCs, tactics, tooling, MITRE ATT&CK® mappings, and monthly updates on emerging threats. The Advanced tier adds an AI Advisor and MISP integration for automated IoC ingestion. This helps organizations identify threats early, fix misconfigurations, reduce alert fatigue, and make informed security decisions.