SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Small business cyber threats shadowy hands reaching from screens stressed owner
#
Ransomware
#
Advanced Persistent Threat Protection
#
Cybersecurity

Cyber-extortion incidents surge as criminals target small firms

Fri, 5th Dec 2025
Author image
By Catherine Knowles, News Editor

Orange Cyberdefense research indicates a sharp rise in cyber-extortion and a shift in tactics among cybercriminals, small businesses, and critical infrastructure. The latest analysis finds that the cyber threat landscape is more complex and fragmented, with an increasing number of actors and a growing role for hacktivists aligned with state interests.

Rising Cy-X attacks

The number of cyber-extortion (Cy-X) incidents has continued to rise, with a 44.5% increase in victims from October 2024 to September 2025 compared to the year before. Since 2020, the report records more than a tripling of total victims, reaching 19,000. The operational efficiency of Cy-X actors has also increased, with each actor now impacting 53 victims on average, up from 45 five years ago.

Fragmented landscape

Where previously one dominant group might have defined cyber-extortion, the current environment is marked by a near tripling in distinct actors since 2020, increasing from 33 to 89. This proliferation is partially attributed to the growth of cybercrime-as-a-service and industrialisation, which have lowered entry barriers for would-be attackers. In Europe, specific threat groups have grown rapidly: Qilin's victims rose 324% and Akira's by 168%. The report also notes 35 new countries worldwide have experienced emerging Cy-X activity, including 10 in Africa.

Targeting the vulnerable

Attackers are increasingly focusing on small and medium-sized businesses (SMBs). Two-thirds of Cy-X victims now fall into this category, an increase of 9% from last year. The situation is particularly acute in the US, where the number of small business victims has nearly doubled, up 91%. Germany accounts for the highest number of victims in Europe, with a 57.7% growth. Larger organisations also remain at risk, with those classified as 'large' experiencing a 110% increase in victimisation.

State-aligned hacktivism

Hacktivism has evolved, becoming more closely tied to state-supported agendas and geopolitical conflict. The tactics have also grown in sophistication. Recent incidents include cyber-physical attacks, such as remote tampering with infrastructure valves at a Norwegian dam and the manipulation of operational technology and industrial control systems in Canada. Disinformation campaigns-particularly those allegedly run by pro-Russian groups-are increasingly prominent, with a focus on undermining public trust in essential services.

Law enforcement response

For the first time, Orange Cyberdefense has incorporated a dataset on global law enforcement actions, documenting 418 publicly announced interventions from 2021 to mid-2025. These include arrests, takedowns, charges, sentences, sanctions, and asset seizures. Cy-X is the focus of 59 of these efforts, and is also the offence most likely to result in arrest. The majority of law enforcement actions (43%) originate in the United States, and US agencies led nearly half of documented interventions.

Private sector involvement in disruption efforts has also increased, with 40% of incidents seeing partnership between private firms and law enforcement. However, the report stresses that cybercriminal groups often adapt more quickly than authorities are able to respond.

Industry perspective

"As attackers diversify across geographies and business sizes, what's clear is that the traditional perception of the 'supply chain' as linear is obsolete. In reality, we exist within a dense web of interdependence where a single weakness can enable mass compromise. Small businesses and critical services have become prime conduits to amplify economic and social consequences. While traditional defences and incremental enforcement are necessary, they are not enough to offset agile adversaries that exploit society's interconnectedness," said Charl van der Walt, Head of Security Research, Orange Cyberdefense.

"Far from being a tragic fate, the consequences of the balkanisation of cyberspace should provide us with an opportunity to strengthen co-operation, transparency and resilience. The fight against organised cybercrime requires a global alliance, both public and private, to confront a threat that knows no borders. Orange Cyberdefense is ready to share the benefits of its Cyber Threat Intelligence to further reinforce our digital shield," said Hugues Foulon, Chief Executive Officer, Orange Cyberdefense.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Phishing services drive 389% surge in account breaches
isVerified launches AI voice deepfake defence for execs
ChatGPT drives bulk of enterprise generative AI data risk
BioCatch warns AI agents will supercharge online fraud
Hayo boosts mobile registry to combat SIM swap fraud

Top stories

Executive-level CISO titles surge amid rising scope strain
Asimily boosts Cisco ISE with new device microsegmentation
Cyb3r Operations raises $5.4m to tackle cyber risk
Deepfake boom fuels relentless wave of celebrity scams
Visionplatform.ai adds AI agents to Milestone XProtect