New research finds dozens of new bad actors and growing unpredictability of attacks

BOSTON, May 13, 2025 /PRNewswire/ — Black Kite, the leader in third-party cyber risk intelligence, today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.

“Ransomware has evolved, not in sophistication but in strategy,” said Ferhat Dikbiyik, Black Kite. “Since the fall of LockBit and AlphaV ransomware syndicates, the cybercriminal landscape has been defined by chaos and recalibration, with dozens of new actors that are unpredictable in how, where, and why. We are entering a new era of ransomware where the growth in victim count signals more than just an activity surge. There is a deeper shift in how ransomware groups operate and who they target, with small and mid-sized businesses becoming the new frontline. As the barriers are now lowered with less sophisticated but effective actors entering the field, organizations need to understand their cyber ecosystem risk by shifting their cybersecurity posture from visibility to anticipation and response to resilience.”

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.

Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.

The report’s key findings include:

Publicly disclosed ransomware victims climbed to 6,046, a 24% increase year over year, and more than doubled since 202352 entirely new groups emerged in the last year, resulting in 96 active ransomware groupsUnder-resourced, understaffed, and underprepared, SMBs ($4M–$8M) were the most frequently targetedRansomware was responsible for 67% of known third-party breaches46% of organizations with RSI greater than 0.8 experienced ransomware attacksWith smaller, less sophisticated operators that often lack the infrastructure to run complex extortion operations, ransom payment values declined by 35%, but the overall impact has widened

Ransomware is no longer dominated by large syndicates. Today’s organizations must contend against smaller groups that have less experience but the same intent – disrupt, extort, and repeat. While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware presents a new set of challenges. Organizations must also defend against AI-driven ransomware that enables attackers to bypass existing security systems and could evade detection, like analyzing EDR logs or monitoring incident response communications to adjust ransom demands.

Access the full report here.

Methodology
The findings in this report are the result of a comprehensive year-long investigation conducted by the Black Kite Research & Intelligence Team (BRITE), covering the period between April 1, 2024 and March 31, 2025. The methodology combines continuous monitoring of ransomware operations with detailed victim analysis and dark web intelligence gathering:

BRITE monitored activity from over 150 ransomware groups, tracking their leak sites, extortion posts, and public disclosures. A group was considered “active” if it published at least one victim within the last 12 months. By March 2025, 96 groups met this threshold.A total of 6,046 victims were identified through leak site monitoring, cross-validated with open-source intelligence and internal telemetry. For each victim, BRITE analysts determined industry classification using NAICS codes, headquarters location by country, and estimated company size based on publicly available financials or trusted databases. BRITE also leveraged the Black Kite platform to assess each victim’s cybersecurity posture before and after the incident, helping to identify patterns in susceptibility and exposure.To complement leak site tracking, BRITE actively monitored ransomware blogs, Telegram channels, and dark web forums to identify group narratives, affiliate activity, and coordination patterns. This enabled the team to detect new groups quickly and contextualize victim disclosures beyond surface-level postings.

About Black Kite
Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at www.blackkite.com, or on the Black Kite blog.

Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
kearney@hi-touchpr.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/black-kite-releases-2025-ransomware-report-revealing-123-increase-in-ransomware-attacks-over-two-years-302452421.html

SOURCE Black Kite

The First AI-Native Platform to Unite Compliance, Cybersecurity and Data for Financial Services Firms

MENLO PARK, Calif., May 13, 2025 /PRNewswire/ — Surge Ventures, a FinTech venture studio specializing in risk and regulatory innovation, today announced the launch of SurgeONE.ai, the industry’s first integrated platform combining AI, expert services and secure data infrastructure to power modern compliance and cybersecurity for broker-dealers, RIAs and other regulated financial institutions.

The SurgeONE.ai platform unifies the proven capabilities of RegVerse, Kovair and Security Snapshot into a single intelligent system – delivering end-to-end solutions that blend automation with domain expertise. The platform was designed from the ground up to address real-world regulatory complexity, cyber threats and fragmented systems – problems legacy vendors and AI-only startups struggle to solve in isolation.

“This isn’t a rebrand or another AI wrapper,” said Sid Yenamandra, CEO of SurgeONE.ai. “It’s a new architecture, built by practitioners who’ve lived compliance and cyber from the inside, that will give firms clarity, agility and control in a time of mounting oversight.”

One Unified Platform. Three Core Domains.

SurgeONE.ai is modular, scalable and offers capabilities that align with where firms are today and where they need to go tomorrow:

Compliance: AI-guided policy surveillance, WSP gap testing, attestation workflows, trade oversight and marketing review — with embedded expert support for regulatory registration, audit readiness and ongoing program management.Cybersecurity: Real-time visibility across rep devices, vendors and networks, with risk scoring and compliance reporting aligned to SEC cybersecurity and ADV Part C requirements.Data Infrastructure: Seamless integration across core WealthTech systems, automated data hygiene and a centralized AI-ready lakehouse for reporting, analytics and regulatory response.

The result is a single command center that reduces vendor sprawl, cuts risk and streamlines operations for financial firms facing increasingly complex regulatory demands.

Why It Matters Now

Regulated firms are overwhelmed by disconnected point solutions, outdated legacy platforms and increasing audit and enforcement activity. SurgeONE.ai eliminates the need for juggling multiple vendors by combining expert services with intelligent technology in one scalable system.

“We’ve spent years working with financial firms through audits, exams and breaches,” said Yenamandra. “SurgeONE.ai is the culmination of everything we’ve learned — a platform that delivers real value, not just automation for automation’s sake.”

A Platform to Grow With

SurgeONE.ai was designed not only as a solution, but as a foundation that welcomes collaboration with other compliance professionals and service providers who believe in combining human insight with smart technology.

“Our mission is to modernize how the compliance and risk industry operates,” added Yenamandra. “We invite other expert-led firms looking to scale their impact to partner with us, because the future belongs to platforms built by practitioners, not just programmers.”

About Surge Ventures
Surge Ventures is a venture studio that builds, acquires, and invests in SaaS companies solving mission-critical challenges in compliance, cybersecurity, and data infrastructure for financial services. Through its integrated execution model and shared technology foundation, Surge has unified RegVerse, Kovair, and Security Snapshot to create SurgeONE.ai — a modern risk and compliance platform designed for scale, speed, and trust.

Media Contact:
Mitch Manning
Haven Tower Group LLC
424-317-4858
mmanning@haventower.com

View original content:https://www.prnewswire.com/news-releases/surge-ventures-launches-surgeoneai-302453271.html

SOURCE Surge Ventures

New release enhances cluster management with improved usability, security and real-time monitoring

SAN FRANCISCO, May 13, 2025 /PRNewswire/ — Continuent, a leading provider of solutions for business-critical applications using MySQL and MariaDB databases, featuring cluster management, data replication and connectivity, today announced the release of Tungsten Dashboard version 8, a major update to its web-based graphical interface for managing and monitoring Tungsten Clusters. The new version delivers significant improvements in operational efficiency, security and user experience to further simplify the way administrators interact with their database clusters in real time.

“As today’s data environments become more distributed and demanding, IT teams need a unified solution that delivers real-time insight, secure access and operational control without added complexity,” said Eero Teerikorpi, CEO of Continuent. “Tungsten Dashboard v8 brings these capabilities together in one streamlined user interface. It makes it easier for teams to monitor, manage and scale their MySQL and MariaDB infrastructure with confidence, clarity and control.”

Tungsten Dashboard has long provided organizations with a centralized view of their multi-site, multi-primary – active/passive and active/active – MySQL deployments. With support for seamless management and monitoring of complex topologies, the dashboard has been a core tool for reducing administrative overhead and enhancing cluster reliability. Tungsten Dashboard v8 builds on this foundation with a suite of new features designed to make cluster operations more intuitive, secure and responsive.

Key enhancements include:

Improved OperationsReal-time cluster monitoring enables instant visibility into cluster health and status.User-friendly operation triggers allow administrators to execute commands more easily and safely.Advanced filtering and search tools streamline the discovery of specific resources or events within large cluster environments.Simplified deployment through support for Docker Compose and Helm accelerates installation and onboarding.Enhanced SecurityEnd-to-end encryption of sensitive data ensures data integrity and confidentiality.Role-based user management enables granular access control, supporting compliance with security policies.Token-based authentication and full SSL support provide secure, end-to-end communication—from the user’s browser, through the dashboard frontend and backend, and all the way to the cluster nodes.Efficient Communication ProtocolPublish/subscribe architecture over persistent TCP connections reduces latency and ensures fast updates without overloading cluster resources.Low-impact design minimizes performance degradation during active monitoring.Automatic cluster discovery from a single entry point accelerates setup and simplifies operations in dynamic environments.

Tungsten Dashboard v8 is available now for existing customers and can be installed as a standalone component or alongside new and existing Tungsten Clusters. Installation and upgrade instructions are available in the official documentation.

For more information about Tungsten Dashboard v8 or Continuent’s full suite of high-availability MySQL solutions, visit www.continuent.com.

About Continuent
Continuent is a leading provider of solutions for business-critical applications using MySQL and MariaDB databases, including cluster management, replication, and connectivity. Driving the deployment and management of open-source MySQL databases at scale, Continuent supports continuous global database operations with commercial-grade high availability, best-in-class disaster recovery, and seamless data distribution across multiple geographic regions. Whether on-premises, hybrid-cloud or multi-cloud, Continuent facilitates the integration of MySQL databases with various cloud platforms, ensuring optimal reliability and scalability in cloud-based deployments. Continuent safeguards more than $25 billion of its customers’ combined revenue, handling billions of transactions each year by SaaS applications, e-commerce platforms, financial services and telecom solutions. With roots in Finland and based in the San Francisco Bay Area, Continuent is trusted by Fortune 500 companies in North America and Europe across a wide range of industries, since 2004. For more information, visit https://www.continuent.com.

Media contacts:
Michael Tebo
Gabriel Marketing Group (for Continuent)
Phone: (703) 829-6089
Email: michaelt@gabrielmarketing.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/continuent-releases-tungsten-dashboard-v8-an-upgrade-to-its-web-based-interface-for-managing-and-monitoring-mysql-clusters-302452973.html

SOURCE Continuent