In 2025, ransomware operators increasingly relied on vulnerability exploitation for initial access and heavily targeted virtualization infrastructure like ESXi. While overall ransomware profitability appears to be declining, threat actors have adapted by increasing data theft extortion, targeting smaller organizations, and utilizing cross-platform ransomware families like REDBIKE, AGENDA, and INC.