International Journal of Scientific Research and Engineering Development

Global ransomware activity in June 2025 recorded 463 confirmed incidents, representing a 15% decline compared to May, yet demonstrating a notable escalation in attack sophistication. The Qilin group dominated the threat landscape by exploiting critical Fortinet zero-day vulnerabilities and introducing a novel “Call Lawyer” feature to intensify extortion pressure. Concurrently, Fog employed stealthier intrusion methods through the abuse of legitimate and open- source tools for data exfiltration and defense evasion. The Anubis ransomware variant incorporated a destructive file-wiping mechanism, ensuring permanent data loss even after ransom payments. Professional services, healthcare, and information technology sectors emerged as the most affected industries worldwide, with the United States remaining the primary target, followed by Canada and the United Kingdom. Newly identified actors, including Teamxxx, Warlock, and former Black Basta affiliates, expanded the ransomware ecosystem by exploiting remote management software vulnerabilities and Microsoft Teams phishing campaigns for initial access. Adversaries further leveraged trusted cloud platforms such as Google Drive and OneDrive for covert command-and-control operations. The findings indicate that modern ransomware campaigns increasingly integrate financial extortion with espionage-oriented objectives, heightening strategic cyber risk and reinforcing the necessity for enhanced patch management and layered defense mechanisms.