Products
Veeam Data Cloud

SaaS Data Protection Solution

Backup & Recovery service for:

Microsoft 365 & Entra ID

Microsoft Azure

Salesforce

Vault Cloud Storage

Veeam Data Platform

Self-managed data protection software for hybrid and multi-cloud environments

Data Protection

Cyber Security

AI-Driven Insights

Sovereignty, Governance & Compliance

Services

Cyber Extortion Response

Cyber Secure Program

Workload Specific

Solutions for individual applications

Backup for Microsoft 365

Backup for Microsoft Entra ID

Backup for Salesforce

Backup for Kubernetes

Backup for AWS

Backup for Microsoft Azure

Backup for Google Cloud

NEW RELEASE

Veeam Data Platform v13

Simplify operations and strengthen security with Veeam’s most intelligent and secure release yet

Explore now

Comprehensive data resilience for hybrid, multi-cloud and SaaS data

Data Backup
Automated backup solutions that evolve across platforms and locations

Data Recovery
Plan, test, automate, and scale recovery operations to defy any disruption

Data Portability
Move and store your data wherever you need it with no vendor lock-in

Data Security
The trusted leader in data resilience helping you protect smarter, detect faster, and recover clean.

Data Intelligence
AI-powered tools to automate analysis, enhance decisions, and stay secure

BENCHMARK YOUR RESILIENCE

Align Resilience to Business & Compliance Goals

Discover how leaders identify risk with the Data Resilience Maturity Model

explore now

Hybrid & Multi-Cloud

Veeam Backup & Replication CE

All Free Tools

Cloud

Veeam Backup for AWS Free

Veeam Backup for Microsoft Azure Free

Veeam Backup for Google Cloud Free

Veeam Kasten Free

SaaS

Veeam Backup for Microsoft 365 CE

Veeam Insights for Microsoft 365

Veeam for Salesforce CE

Veeam Data Platform

Self-managed data protection software for hybrid and multi-cloud environments

Packaging & Enterprise Editions

Veeam Data Cloud

SaaS Data Resilience Solutions

Purchasing Options

All Products

Find a Reseller

Buy Online
Solutions
Use Case

Ransomware Recovery

Hybrid Cloud

Microsoft SaaS Data Protection

Industries

Government

Education

Financial Services & Insurance

Healthcare

Business Type

Enterprise

Small Business

Service Provider

Services

Cyber Extortion Response

Cyber Secure Program

Alliance Technologies

See All Veeam Alliance Partners

AWS

Cisco

Google

HPE

Lenovo

Microsoft

VMware

Alliance Partner Integrations & Qualifications

Environment

SaaS  Microsoft 365 | Microsoft Entra ID | Salesforce

Cloud  AWS | Azure | Google | Kubernetes

Virtual  VMware | Hyper-V | Nutanix AHV | Oracle Linux VM | RHV | Proxmox | Scale Computing

Physical  Windows | Linux | MacOS | Unix | NAS

Apps  Microsoft | Oracle | SAP Hana | PostgreSQL | MongoDB
Support
Get Support

Support

Open a Case

Track Your Case

Support Policy

Renewals Center

Renewals

Services

Veeam Customer Success

Training & Education

Veeam University

Kubernetes Learning Portal

Support Resources

Veeam Data Cloud Changelog

Technical Documentation

Knowledge Base

Kasten Technical Documentation

Kasten Knowledge Base

Downloads

All Product Downloads

Community

Community Resource Hub

Community Experts

R&D Forums
Resources
Thought Leadership

Data Resilience Maturity Model

Resource Library

White Papers

Solution Briefs

Analyst Reports

See All Resources

Customer Stories

See All Stories

Blog

Veeam Blog

Glossary

Veeam Glossary

Events & Webinars

VeeamON

Events

Upcoming Webinars

On-Demand Webinars

Product Demo

On-Demand Platform Demo

Upcoming Product Demos

On-Demand Product Demos

Resilience Benchmarking

Data Resilience Maturity Model
Partners
WHY PARTNER WITH VEEAM

Become a Partner

Value-Added Reseller

Service Provider

Global System Integrator

Technology Alliance

Find a Partner

Find a Partner

Partner Resources

ProPartner Portal
CXOs
Veeam’s exclusive community that brings together a suite of experiences & resources for executive leaders.

Gain access to:

Conversations between influential tech leaders

Meaningful connection and candid dialogue

Peer-to-peer collaborative problem-solving

Thought Leadership

be: Ready - Explore expert guidance, trends, and innovations at our leadership hub online

INSIGHTS & RESEARCH FOR CXOs

Executive Exchange Events

Networking, insights, and shared CXO experiences at exclusive events worldwide

Events for CXOs

All press releases
Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts

Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts

Spike in Targeted Attacks Highlights Critical Role of Data Resilience in Current Ransomware Landscape

SEATTLE – August 12, 2025 – Coveware by Veeam^®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation in targeted social engineering attacks and a surge in ransom payments driven by sophisticated data exfiltration tactics.

“The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,” said Bill Siegel, CEO of Coveware by Veeam. “Attackers aren’t just after your backups – they’re after your people, your processes, and your data’s reputation. Organizations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought,”

Key Q2 2025 findings from Coveware by Veeam include:

Social Engineering Drives the Biggest Threats: Three major ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated the quarter, each leveraging highly targeted social engineering to breach organizations across sectors. These groups abandoned mass opportunistic attacks for precision strikes, using novel impersonation tactics against help desks, employees, and third-party service providers.
Ransom Payments Soar to New Highs: Both the average and median ransom payments rocketed to $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), respectively. This spike is attributed to larger organizations paying out after data exfiltration-only incidents, even as the overall rate of organizations paying ransoms held steady at 26%.
Data Theft Overtakes Encryption as Primary Extortion Method: Exfiltration was a factor in 74% of all cases, with many campaigns now prioritizing data theft over traditional system encryption. Multi-extortion tactics and delayed threats are on the rise, keeping organizations in the crosshairs long after an initial breach.
Professional Services, Healthcare, and Consumer Services Hit Hardest: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11 – 1,000 employees) comprised 64% of victims, a sweet spot for attackers balancing payout potential against less mature defenses.
Attack Techniques Evolve, Human Factor Remains Key Vulnerability: Credential compromise, phishing, and exploitation of remote services continue to dominate initial access, with attackers increasingly bypassing technical controls via social engineering. Groups regularly exploit vulnerabilities in widely-used platforms (Ivanti, Fortinet, VMware), and “lone wolf” attacks by seasoned extortionists using generic, unbranded toolkits are on the rise.
New Entrants Reshape Ransomware Rankings: Q2’s top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%), while Silent Ransom and Shiny Hunters entered the top five for the first time.

Coveware by Veeam has helped thousands of cyber extortion victims and developed industry leading software and services that enable rapid forensic triage, extortion negotiation and remediation, cryptocurrency settlements and decryption services with a singular goal and outcome - data recovery from ransomware attacks. Through these incidents, Coveware by Veeam has gathered data and insights on threat actor patterns that provide an unrivaled view of the current threat landscape. These valuable findings are shared with customers to help educate and reduce risks, improve security posture, and ensure rapid recovery. Select Coveware by Veeam capabilities are incorporated into Veeam offerings including Veeam Data Platform and the Veeam Cyber Secure Program, delivering the insights and capabilities to a broader set of customers.

Coveware by Veeam’s quarterly report is based on firsthand data, expert insights and analysis from the ransomware and cyber extortion cases that they manage each quarter. By utilizing real-time incident response, proprietary forensic tools (including Recon Scanner), and comprehensive documentation of threat actor behavior, attack vectors, and negotiation outcomes, Coveware by Veeam delivers unparalleled visibility into the threat landscape. By aggregating and analyzing case-specific data – rather than relying on third-party sources – Coveware by Veeam is able to identify emerging trends, track tactics, techniques, and procedures (TTPs), and provide actionable, experience-based intelligence on the rapidly evolving ransomware landscape.

To learn more on this latest report from Coveware by Veeam, read the blog post. For more information on Veeam, visit https://www.veeam.com.

About Veeam Software

Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it. Veeam calls this radical resilience, and we’re obsessed with creating innovative ways to help our customers achieve it.

Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments.

Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. Radical resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.

For Veeam media inquiries, contact Veeam.PR.Global@veeam.com.

Frequently Asked Questions:

What are the biggest ransomware threats facing organizations in 2025?
According to the latest report from Coveware and Veeam, the main threats are targeted social engineering attacks and data exfiltration, led by groups like Scattered Spider, Silent Ransom, and Shiny Hunters.
Which industries and company sizes are most impacted by ransomware attacks?
The latest report from Coveware and Veeam found professional services, healthcare, and consumer services firms are most targeted. Mid-sized companies (11–1,000 employees) make up 64% of victims due to less mature defenses.
How have ransomware techniques evolved in 2025?
The latest report from Coveware and Veeam found that attackers now focus on credential compromise, phishing, and exploiting remote services. Social engineering is a key weakness, and there’s a rise in “lone wolf” attacks using generic toolkits and vulnerabilities in platforms like Ivanti, Fortinet, and VMware.
How can organizations strengthen their defenses against ransomware?
Coveware by Veeam advises boosting employee security awareness, hardening identity controls, and urgently addressing data exfiltration risks. Using Veeam’s resilience and recovery solutions helps reduce risk and maintain business continuity.

Recent Veeam News

BRAND RESOURCE CENTER

VEEAM DATA PLATFORM

RECORDED WEBINARS

Product Demos

White Papers