Agentic AI Will Revolutionize Cybercrime in 2025, According to Malwarebytes State of Malware Report

Evolving cybercrime tactics prompt record-high year for ransomware, as artificial intelligence transforms the threat landscape via scale and efficiency

SANTA CLARA, Calif., February 4, 2025 –Malwarebytes, a global leader in real-time cyber protection, today released its 2025 State of Malware report, which reveals insight into the emergence of agentic artificial intelligence (AI), plus the year’s most prominent threats and cybercrime tactics. The report details a significant uptick in the number of known ransomware attacks, the total value of ransoms paid in 2024, and how IT teams can address them.

“Our research shows that ransomware will continue to be a potent threat to businesses this year,” said Marcin Kleczynski, Founder and CEO, Malwarebytes. “The shift from large ransomware groups to smaller, unpredictable threat actors, combined with the increasing role of AI, means businesses must increase their cybersecurity vigilance and make holistic endpoint security a priority.”

Businesses Need to be Prepared for AI-Powered Ransomware Attacks

Emerging agentic AI models—which can reason, plan, and act autonomously—will further revolutionize cybercriminal tactics, making attacks more scalable and efficient in 2025. Just as businesses are beginning to explore AI for productivity and security, cybercriminals are leveraging it to improve phishing campaigns, evade detection, and fine-tune attacks. This marks a turning point: the arms race between AI-powered attackers and AI-enhanced cybersecurity tools is rapidly escalating, forcing businesses to rethink traditional defense strategies. With AI rapidly evolving, security teams must integrate AI-driven threat detection and response to keep up and counteract the increasing speed and sophistication of AI-driven cyberattacks.

Bigger Ransoms Paid, More Types of Businesses Attacked

Known ransomware attacks increased by 13% year-over-year, despite two of the most prominent ransomware groups, LockBit and ALPHV, losing their supremacy. This can be attributed to the rise of smaller, less well-known “dark horse” ransomware gangs posing threats to small and medium-sized businesses. Additionally, 2024 saw the largest known ransomware payment ever recorded when an unknown victim paid $75 million into a crypto wallet.

“If 2024 has taught us anything, it’s that ransomware purveyors aren’t resting on their laurels,” said Lee Wei, SVP, Customer & Product, Corporate Unit at Malwarebytes. “The full attack cycle has gone from weeks to hours and in some cases minutes. Organizations need eyes on their endpoints 24/7 to stay on top of threats and that often means deploying managed services, like Managed Detection and Response (MDR) that can assist teams in filling the gaps.”

To read the full report, visit http://threatdown.com/2025-State-of-Malware. Plus, to learn about the latest threats and cyber protection strategies for businesses, visit threatdown.com or follow ThreatDown on LinkedIn and X. 

About Malwarebytes

Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. ThreatDown, Malwarebytes’ corporate product portfolio, simplifies endpoint security by combining award-winning detection and remediation with quick deployment in an easy user-interface – with one agent and one console – to protect people, devices, and data in minutes. Since 2008, Malwarebytes has been detecting and eliminating threats that others missed for half a billion individuals and thousands of businesses. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Malwarebytes Media Contact

Julianne Cavanaugh, Public Relations
press@malwarebytes.com