The latest 2025 Annual Threat Report by SonicWall brings to light shocking findings. It reveals that malicious actors are leveraging fresh vulnerabilities within a mere two days in 61% of cases. On average, organizations take between 120 to 150 days to implement a patch. Furthermore, SonicWall’s researchers uncovered 210,258 previously unseen malware variants in 2024.
Studies conducted in 2024 indicate that the mean ransomware payout amounted to $850,700, with total losses often surpassing $4.91 million when considering downtime and recovery expenses. Global losses stemming from business email compromise (BEC) attacks exceeded $2.95 billion in the same year.
SonicWall also outlined a surge in cyber assaults affecting Latin America and the healthcare sector in the U.S.
Significant Rise in Ransomware Attacks in Latin America
Ransomware incidents soared by 259% in Latin America and by 8% in North America according to SonicWall.
Incidents of IoT attacks surged by 124%, encrypted threats rose by 93%, and malware instances spiked by 8% year-on-year.
Prominent ransomware groups like LockBit and BlackCat employed ransomware-as-a-service approaches to conduct extensive attacks and exploit crucial vulnerabilities to breach systems, as emphasized in SonicWall’s 2025 Annual Threat Report.
Over 198 Million American Patients Affected by Cyberattacks
The healthcare industry in the U.S. encountered exceptional trials with more than 198 million American patients impacted by ransomware,’’ noted Bob VanKirk, the CEO of SonicWall, in the report. He attributed the emergence of new malware variants to the swift adoption and advancements in AI technologies.
Double extortion was prevalent throughout the year, with the rise of triple extortion, particularly in healthcare settings. The report elaborated that triple extortion involves encrypting an organization’s most critical data while simultaneously threatening to expose sensitive information unless demands are met. This strategy creates added pressure for ransomware victims to pay the attackers since they are effectively holding the data hostage in multiple ways.
In cases of triple extortion within the healthcare sector, threat actors might even directly approach patients and threaten to disclose their data unless the ransom is paid. The report observed that healthcare entities “were among the least equipped to handle the consequences.”
Growing Necessity for SMBs to Strengthen their Protections
VanKirk stated, “SonicWall’s data indicates that threat actors are operating with remarkable velocity.”
He highlighted the heightened pressure on small and medium-sized enterprises and recommended that “they should not combat cybercrime alone.”
The report encourages SMBs to engage trusted managed service providers (MSPs) or managed security service providers (MSSPs) to enhance their defenses. These partners can deliver continuous monitoring, prompt patch deployment, zero-trust security frameworks, and ongoing education, as mentioned in the report.
Approach
The report draws insights from SonicWall’s 24/7 security operations center analysts and market intelligence from reputable cybersecurity insurance providers, as outlined by VanKirk.
About Author
