Sonicwall's new annual 2025 threats highlights surprising revelations, including that computer pirates exploited new vulnerabilities within two days 61% of the time, and that the average organization has between 120 and 150 days to apply a patch. In addition, the firm researchers detected 210,258 malware variants “never seen before” in 2024.
The investigators reported that, in 2024, the average payment payment reached $ 850,700, with total related losses exceeding $ 4.91 million by taking into account the time of inactivity and recovery costs. The global losses of Commercial Email Commitment attacks (BEC) exceeded $ 2.95 billion in 2024.
Sonicwall also detailed the increase in cyber attacks that affect Latin America and the United States health sector.
Ransomware shot in Latin America
Ransomware increased 259% in Latin America and 8% more in North America, the firm said.
IoT attacks increased 124%, encrypted threats increased 93%and malware increased 8%year after year.
Highly visible ransomware groups, such as Lockbit and Blackcat, leveraged ransomware models as a service to carry out generalized attacks and take advantage of critical vulnerabilities to infiltrate the systems, the Annual Threat Report of Sonicwall 2025 noted.
American patients of 198M+ were affected by cyber attacks
The United States health sector faced “unprecedented challenges, with more than 198 million American patients affected by ransomware,” said Bob Vankirk, president and executive director of Sonicwall, in the report. Attributed the new malware variants to rapid adoption and advances in AI tools.
The double extortion was prolific throughout the year, with a triple extortion also increasing, especially in medical care. “This specific tactic implies encrypting the most critical data of an organization while simultaneously threatens to release confidential information unless the demands are met,” the report said. “This tactic is used to exert even more pressure on ransomware victims to pay the threat actors, since criminals are essentially retaining data as hostages in multiple different ways.”
In the case of triple extortion in the health industry, the threat actors will even directly go to patients and threaten to release their data unless that rescue is paid. The report said that medical care organizations “were also among the least prepared to handle the consequences.”
SMEs need more and more to strengthen their defenses
Vankirk wrote: “Sonicwall data indicates that threat actors are moving at unprecedented speeds.”
He pointed out that this exerts especially pressure on small and medium enterprises and added “they should not do it alone in the fight against cyber crime.”
The report urged SMEs to use managed service providers (MSP) or Safety Services Suppliers (MSSP) to strengthen defenses. These partners can provide real -time monitoring, rapid patches implementation, zero confidence security models and continuing education, according to the report.
Methodology
The report is based on the perspectives of the analysts of the Sonicwall 24/7 Security Operations Center and the ideas of the market of respected cybersecurity insurance suppliers, Vankirk said.
