The State of Ransomware and Computer Viruses in 2025 — What You Need to Know (and Do)
Cybercrime in 2025 is moving faster than ever. While artificial intelligence and automation are boosting cybersecurity defenses, they’re also supercharging cyberattacks. Ransomware-as-a-Service (RaaS) kits, zero-day exploits, and AI-generated phishing schemes are just a few of the tools bad actors are using to breach networks and hold data hostage.
In this article, we’ll break down the latest ransomware and computer virus threats, how they work, who they’re targeting, and—most importantly—how to defend your systems.
Top Ransomware Threats in 2025
1. VanHelsing RaaS
- What is it? A plug-and-play ransomware kit launched in March 2025 that lets affiliates launch attacks with minimal effort.
- Why it matters: Supports attacks on Windows, Linux, BSD, and ESXi systems. Affiliates pay a deposit and receive 80% of collected ransoms.
- Who’s at risk: Organisations with exposed RDP, weak network segmentation, or unpatched systems.
Recommended Protections:
- Disable RDP if not essential.
- Segment networks to contain lateral movement.
- Use endpoint detection tools with behavioral analytics.
- Back up critical data using both cloud and local NAS (e.g., Synology) with offline and versioned strategies.
2. Medusa Ransomware
- What is it? A persistent RaaS group known for double extortion—encrypting and leaking data.
- What’s new: A growing victim list in 2025, targeting public institutions and enterprises. Known to exploit Microsoft Exchange vulnerabilities.
- Notable incident: Gateshead Council (UK) fell victim in early 2025.
Mitigation Strategies:
- Apply all Exchange and VPN-related patches.
- Enforce MFA on all administrative accounts.
- Train staff to recognise phishing emails.
- Maintain encrypted backups offsite with snapshot replication.
3. Clop (Cl0p)
- What is it? A ransomware group exploiting vulnerabilities in managed file transfer (MFT) tools like MOVEit.
- Why it's dangerous: Even patched environments are vulnerable if not updated fast enough.
- Impact: Responsible for one-third of global ransomware attacks in February 2025 alone.
Protection Steps:
- Regularly update all third-party software.
- Limit MFT tool exposure to the internet.
- Monitor file transfer logs for suspicious behavior.
- Store backups both locally and in the cloud with automated versioning.
4. SuperBlack (LockBit Variant)
- What is it? A LockBit 3.0 variant used by the Russian group Mora_001.
- Tactics used: Zero-days in Fortinet firewalls, custom data theft modules, and a destructive wiper called “WipeBlack.”
- Trend: Targets high-value infrastructure and government networks.
Defense Measures:
- Immediately update Fortinet devices.
- Implement firewall anomaly detection.
- Monitor for unauthorised VPN or RDP access.
- Use immutable backups (e.g., Synology NAS with Btrfs snapshot protection).
5. SecP0 – Vulnerability Blackmail
- What is it? A group identifying undisclosed software flaws and demanding payment to keep them private.
- Why it’s different: Focuses on reputational damage rather than encryption.
- Risk factor: Commonly targets custom-built or proprietary applications.
Hardening Recommendations:
- Conduct regular security audits (internal and external).
- Participate in vulnerability disclosure programs.
- Maintain a secure software development lifecycle (SDLC).
- Back up source code and dev environments to encrypted cloud/NAS systems.
Ransomware Statistics
Check out the following statistics on ransomware attacks in the UK.
UK Firms Hit by Ransomware (2024)
Paying Over £25,000 in Ransom
UK Ransomware Attacks (2024)
Est. Global Ransom Payout
Top Computer Virus Threats
1. QWCrypt by RedCurl
- What is it? A ransomware strain by RedCurl, a group formerly focused on corporate espionage.
- How it works: Gains access via phishing and disables endpoint defenses before ransomware execution.
- Why it's notable: Leverages advanced social engineering, especially against HR and finance departments.
Proactive Safeguards:
- Block Office macros and script-based email attachments.
- Use behavior-based antivirus tools.
- Segment user roles to reduce privilege abuse.
- Use cloud and NAS backups with hourly syncing and offline retention.
2. BianLian
- What is it? A ransomware gang now focused on credential-based RDP attacks.
- Attack style: Infiltrates systems via stolen credentials and manually deploys ransomware.
- Victims: Mainly critical national infrastructure in the US, UK, and Australia.
Recommended Defenses:
- Disable unused RDP services.
- Enforce strong passwords and account lockout policies.
- Monitor and log all remote access.
- Use hybrid backup strategies (NAS + cloud) for point-in-time recovery.
Practical Prevention Checklist
| Action | Why It’s Important |
|---|---|
| Enable Multi-Factor Authentication | Blocks most account hijacking attempts. |
| Apply Software Updates Promptly | Fixes vulnerabilities before attackers exploit them. |
| Use Network Segmentation | Limits the spread of infections inside the network. |
| Back Up Data (Cloud + NAS + Offline) | Enables recovery without paying ransom. |
| Train Employees on Phishing Awareness | Reduces risk of credential theft and malware. |
| Use EDR/XDR Security Platforms | Detects and contains threats in real time. |
| Develop an Incident Response Plan | Speeds up recovery and minimises damage. |
| Test Your Backup Recovery Regularly | Ensures your backups actually work when you need them. |
Ransomware and computer viruses are no longer just nuisances. They're fast, automated, and increasingly targeted. Whether you’re an individual, a small business, or a multinational enterprise, the stakes have never been higher.
The good news? With the right cybersecurity defenses—updated systems, vigilant monitoring, reliable hybrid backups (cloud + Synology NAS), and well-trained users—you can stay ahead of most threats. Cybersecurity isn’t about eliminating risk—it’s about managing it smartly, efficiently, and continuously.
Stay proactive. Stay updated. Stay secure.