ATLANTA, GA, April 29, 2025 (GLOBE NEWSWIRE) -- PDI Security and Network Solutions, a leading provider of managed cybersecurity services and a part of PDI Technologies, today released its latest cyber threat report: “Q1 2025 Threat Landscape Report.” The report analyzes the latest attack trends and cybercriminal behaviors, highlighting the sharp rise in ransomware targeting retail, shifts among leading ransomware groups, and a notable slowdown in dark web marketplace activity due to declining Lumma Stealer campaigns.
According to the report, ransomware extortion activity remained elevated in Q1 with 2,197 incidents reported—a modest 2.83% decline compared to Q4 2024. However, this slight decrease follows a significant spike in Q4, signaling that ransomware operators continue to operate at high levels of activity.
Akira ransomware led the charge with a 24% increase in activity, driven by its continued exploitation of VPN vulnerabilities and adaptive attack methods. At the same time, the retail sector experienced a staggering 74.71% increase in ransomware extortion incidents, climbing from the eighth to fourth most targeted industry in just one quarter.
“Akira’s rise and the explosive growth of attacks on the retail sector show that threat actors are constantly recalibrating their targets and techniques,” said Justin Heard, Director of Security Operations, PDI. “Organizations need to move beyond reactive defenses and adopt proactive, intelligence-driven security strategies.”
Key Findings from the PDI Q1 2025 Threat Landscape Report
Ransomware Trends
- 2,197 ransomware extortion publications were recorded, continuing the surge in ransomware extortion activity from Q4 2024
- Akira and Qilin gained momentum, while Clop and RansomHub slowed
- Retail (+74.71%), transportation (+63.51%), and public administration (+39.19%) were among the sectors with increased ransomware targeting
Dark Web Activity
- 1.35 million listings were down 38.68% from Q4
- Lumma Stealer listings dropped by 58.94%, significantly impacting credential availability
- Redline saw a sharp rise, increasing by 89.48%
Exploit Activity
- 29 million exploit attempts were tracked, nearly flat quarter-over-quarter
- Exploits against Log4j, Hikvision, and legacy Bash vulnerabilities remained widespread
“The data shows threat actors are refining their approach,” said Josh Smith, Principal Threat Intelligence Analyst, PDI. “Threat actors are heavily focusing on remote access technologies by exploiting vulnerabilities or using stolen credentials. It’s clear organizations must prioritize their visibility and response agility.”
The full threat report is available for download here. To help organizations navigate these findings and gain expert insights, the PDI threat intelligence team will host a live webinar on Wednesday, April 30, 2025, at 2 pm ET. Security leaders can register online for the webinar.
About PDI Security and Network Solutions
With over 25 years of cybersecurity expertise, PDI Security and Network Solutions is redefining managed security through intelligent unification and protection. The company delivers fully managed security and network services—including Managed Detection and Response (MDR), Endpoint Detection and Response (EDR), and Firewall as a Service—through 24/7 Security Operations Centers (SOCs) and AI-powered insights via the PDI Cybersecurity Platform. PDI Security and Network Solutions protects over 2,500 organizations, processes more than 1 trillion traffic logs quarterly, and safeguards over $1 trillion in retail transactions annually. Its 97% client retention rate reflects an unwavering commitment to client success and innovation.
PDI Technologies 9417041199 pr@pditechnologies.com