Arctic Wolf's
"
The analysis comes from 12 months of active global digital forensics and incident response cases conducted by the Arctic Wolf Incident Response team between Nov. 1, 2024 and Nov. 1, 2025, supplemented with telemetry from the Arctic Wolf Aurora Platform and insights from Arctic Wolf labs. Arctic Wolf also partnered with eCrime for all leak site data.
Manufacturing, construction and technology were the most targeted sectors – there were nearly 70% more successful ransomware attacks in the manufacturing sector than in construction. According to Arctic Wolf, manufacturing is often a primary target for threat actors due to the severe consequences brought on by operational disruptions.
While ransomware is likely to remain the most significant threat in incident response cases, experts from Arctic Wolf predict that data incidents such as data theft and extortion may increase in use over the threat of business email compromise.
In time, threat actors will start using AI in new ways as an everyday tool, according to ArcticWolf, such as introducing specialty AI functions and services or using generative AI tech to create unique, malicious code.
While attackers have already proven successful in leveraging AI to gain initial access to sensitive information or systems, experts predict that they will soon use AI throughout the cyberattack process. They may also start leveraging large language models (LLMs) to negotiate during ransomware attacks, with longer negotiation processes, while also demanding higher payouts. Arctic Wolf experts also expect threat actors to utilize AI-powered capabilities in identity fraud; email phishing with information from open-source intelligence (OSINT), voice phishing and video deepfakes.
