Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks
The majority of ransomware attacks target small businesses, according to Verizon’s latest Data Breach Investigations Report (DBIR), with extortion malware appearing in 88% of SMB breach incidents compared to just 39% at larger organizations.
The 2025 edition of the annual report, published on April 23, showed that ransomware was involved in 44% of all attacks for the reported period – a total of 12,195 data breaches, between November 1, 2023, and October 31, 2024. This represents a 37% jump, with ransomware involved in just 32% of breaches in the previous report.
“Those large ransomware numbers include both the ‘traditional encrypting’ ransomware kind and the ‘pure extortion, non-encrypting’ kind, which we classified as extortion in the 2024 DBIR,” the latest Verizon report read.
During a launch event for the report in London, Alistair Neil, the Managing Director for Advanced Solutions International at Verizon Business, added that ransomware was not only increasing, but “getting more global.” More organizations outside of the US and Europe are being targeted, especially in the Asia-Pacific region.
Despite this ransomware rise, median ransom payments fell to $115,000, down from $150,000 in the 2024 report’s findings.
Nearly two-thirds of victims (64%) now refuse to pay, a significant increase from just 50% two years ago.
This confirms findings recently published by BlackFog, which suggested that ransomware groups are looking to make up in attack volume what they’re losing in ransom payments.
State-Sponsored Hackers’ Dual Motives
According to Verizon’s 2025 DBIR, cybercriminal groups are not the only threat actors contributing to ransomware, as state-sponsored actors and other advanced persistent threats are increasingly deploying ransomware tactics in their operations.
A change in the report’s contributor makeup gave Verizon deeper knowledge about espionage-motivated campaigns. These represented 17% of all confirmed breaches in the 2023/2024 reported period.
This threat is particularly concerning in Asia-Pacific, where it makes up 20% of all analyzed breaches, compared with 8% in Europe, the Middle East and Africa (EMEA) and 4% in North America.
“We also found that espionage was not the only thing state-sponsored actors were interested in – approximately 28% of incidents involving those actors had a financial motive,” the report read.
“There has been media speculation that this may be a case of the threat actors double-dipping to pad their compensation.” However, Neil said he believes that threat actors are operating in more sophisticated ways.
“Today, some are conducting system intrusions with several motives, sometimes collecting a lot of data first and then determining whether to use it for intellectual property (IP) or personally identifiable information (PII) theft or even for extortion,” he added during the launch event.
Cyber-Attack Patterns Across Industries
The industry breakdown in Verizon’s latest DBIR showed that administration and the wholesale trade sector are two industries exclusively targeted by cyber threat actors for financial gain.
Transportation, agriculture and entertainment are also hit hard by financially motivated attacks, with financial gain involved in 99%, 98% and 97% of all breaches, respectively.
Mining, utilities and information are the industries most targeted for espionage, with 55% and 36% of all breaches in these sectors involving cyber spies.