Acronis Reports Rise in Ransomware, AI-Driven Attacks, and Malware Risks

Acronis, a Swiss cybersecurity company, has released a new market research report that reveals a significant rise in email cyberattacks; a 197% increase detected in H2 2024 compared to the same period in 2023, with a 21% rise in attacks per organization. From July to December 2024, nearly 50% of users were targeted by email-based attacks at least once.

Email attacks on managed service providers (MSPs) also increased. Not surprisingly, phishing was the preferred attack vector for attackers to breach MSP networks, with 33% experiencing email phishing campaigns. This was closely followed by exploits targeting vulnerabilities in Remote Desktop Protocol (RDP) and other remote access tools. This demonstrates how cybercriminals are leveraging common MSP practices to gain unauthorized access and deploy malicious payloads, according to the report. MSPs are increasingly targeted by advanced persistent threat (APT)-linked ransomware groups, posing a significant and growing risk. These sophisticated actors employ espionage-style tactics, including stolen credentials, social engineering, and supply chain attacks, to infiltrate MSP networks and spread ransomware to client systems. This shift signals that MSPs are no longer opportunistic targets but have become strategic entry points for high-stakes cyberattacks.

Among the other key findings, 31.4% of all emails received in H2 2024 were spam, with 1.4% containing malware or phishing links. More than 1,700 ransomware cases were reported in Q4 2024, with notable activity from RansomHub, Akira, Play, and KillSec, accounting for 580 victims. The Cl0p ransomware group emerged as a key threat in December, with 68 reported victims.

The United Arab Emirates, Singapore, and Italy were the most targeted countries for malware attacks in December 2024.

“This release highlights the alarming rise of AI-generated attacks and the increasing sophistication of ransomware campaigns,” said Gerald Beuchelt, CISO at Acronis. “By analyzing trends from the first half of 2024 and providing actionable recommendations, the report empowers organizations, MSPs, and the cybersecurity industry to proactively strengthen their defenses to stay ahead of today’s most pressing risks.”

The report also says that as remote monitoring and management (RMM) tools become more widely adopted for efficiency, they introduce significant risks to organizational security. Telemetry data from the report reveals that many organizations use multiple RMM tools simultaneously, creating blind spots that attackers can exploit. Without the proper controls, RMM tools can become entry points for ransomware attacks, which cybercriminals often use to cause even greater damage.

Channel Impact^®
In addition to new data and analysis from the first half of 2024, the report provides a complete overview of the top vulnerabilities exploited in 2024 and predictions for 2025, alongside actionable recommendations to help organizations and MSPs strengthen their defenses against emerging threats.