报告:2025年勒索软件攻击趋向针对性 政企数据库成主要目标
Zhong Guo Xin Wen Wang·2026-01-16 13:46

Core Insights - The report indicates that ransomware attacks are becoming more targeted, with government and enterprise databases as primary targets by 2025 [1][2] - The focus of ransomware attacks is shifting towards medium and large enterprises, particularly in manufacturing, internet and software, and service industries, with healthcare and education also facing ongoing threats [1] - The geographical distribution shows that regions with developed digital economies, such as Guangdong, Beijing, and Zhejiang, are most affected [1] Attack Patterns - Ransomware attacks are characterized by increased specialization and precision, with double or multiple extortion becoming mainstream [1] - The number of active ransomware families has increased by nearly 30% to 122 compared to 2024, with attackers not only encrypting data but also threatening to leak sensitive information [1] - Databases have become the primary target for encryption, surpassing office documents, indicating a focus on core data assets of government and enterprises [1] Attack Vectors - Remote desktop intrusion and vulnerability exploitation remain the main methods of attack, accounting for nearly 80% of incidents [1] - Vulnerability exploitation has seen significant growth, nearing the proportion of remote desktop attacks, particularly targeting security weaknesses in web applications and various management systems [1] - There is a trend towards collaboration within the ransomware ecosystem, with blurred lines between ransomware groups and the roles of developers and implementers [1] Defensive Strategies - The report suggests that enterprises should build a unified security operation system centered around AI, covering endpoints, networks, applications, and cloud environments [2] - This approach aims to transition from passive protection to proactive and layered defense [2] - Small and medium enterprises, due to their relatively weak defenses, are becoming frequent targets for professional attack groups, leading to a significant increase in demand for security managed services and SaaS-based protection solutions [2]