SonicWall’s new 2025 Annual Threat Report highlights startling revelations, including that hackers exploited new vulnerabilities within two days 61% of the time, and that it takes the average organization between 120 and 150 days to apply a patch. In addition, the firm’s researchers detected 210,258 “never-before-seen” malware variants in 2024.
Researchers reported that, in 2024, the average ransomware payment reached $850,700, with total related losses often exceeding $4.91 million when factoring in downtime and recovery costs. Global losses from business email compromise (BEC) attacks exceeded $2.95 billion in 2024.
SonicWall also detailed increased cyberattacks impacting Latin America and the U.S. healthcare sector.
Ransomware skyrocketed in Latin America
Ransomware was up 259% in Latin America and up 8% in North America, the firm said.
IoT attacks jumped 124%, encrypted threats climbed 93%, and malware spiked 8% year-over-year.
Highly visible ransomware groups such as LockBit and BlackCat leveraged ransomware-as-a-service models to carry out widespread attacks and take advantage of critical vulnerabilities to infiltrate systems, SonicWall’s 2025 Annual Threat Report noted.
198M+ American patients were impacted by cyberattacks
The U.S. healthcare sector faced “unprecedented challenges, with over 198 million American patients impacted by ransomware,’’ said Bob VanKirk, president and chief executive officer of SonicWall, in the report. He attributed the new malware variants to the rapid adoption of and advancements in AI tools.
Double extortion was prolific throughout the year with triple extortion also rising, especially in healthcare. “This specific tactic involves encrypting an organization’s most critical data while simultaneously threatening to release sensitive information unless demands are met,’’ the report stated. “This tactic is used to place even more pressure on ransomware victims to pay the threat actors as the criminals are essentially holding the data hostage in multiple different ways.”
In the case of triple extortion in the healthcare industry, threat actors will even go directly to patients and threaten to release their data unless that ransom is paid. The report noted that healthcare organizations “were also among the least prepared to handle the fallout.”
SMBs increasingly need to bolster their defenses
VanKirk wrote, “SonicWall’s data indicates that threat actors are moving at unprecedented speeds.”
He noted that this especially puts pressure on small and medium-sized businesses and added “they should not go it alone in the fight against cybercrime.”
The report urged SMBs to use trusted managed service providers (MSPs) or managed security service providers (MSSPs) to bolster defenses. These partners can provide real-time monitoring, rapid patch deployment, zero-trust security models, and ongoing education, the report said.
Methodology
The report is based on perspectives from SonicWall’s 24/7 security operations center analysts and market insights from respected cybersecurity insurance providers, VanKirk said.