Kaspersky Cybersecurity Review: Number of Users Exposed to Ransomware Increased by 152%
Cybersecurity risks in the global retail and e-commerce sector have increased significantly in both scale and complexity as 2026 approaches. A new sector review published by Kaspersky revealed that even trusted shopping applications and official platforms are no longer able to fully protect users’ personal and financial data.
Kaspersky’s 2025 cybersecurity review showed a sharp rise in ransomware activity affecting businesses operating in the retail and e-commerce space. The number of unique users in the B2B segment of the sector who encountered ransomware detection increased by 152% in 2025 compared to 2023. This indicated a serious escalation in threat levels within a short period of time.
Data Breaches Threaten E-commerce
According to the findings, the most significant increase occurred during the 2024–2025 period. The primary reason for this surge was the rapid spread of the ransomware family known as “Trojan-Ransom.Win32.Dcryptor,” which became highly prevalent across the retail and e-commerce sectors in some of the analyzed markets. This malware targeted corporate systems connected to retail operations, leading to service disruptions and the exposure of sensitive business data.
Security researchers noted that retail and e-commerce companies continue to be attractive targets due to their high transaction volumes, large customer databases, and dependence on uninterrupted system access. Any disruption or data breach in this sector can result in immediate financial losses and reputational damage.
Kaspersky Blocked More Than 6.6 Million Phishing Link Access Attempts
In addition to ransomware, phishing attacks also emerged as a major threat to consumers and service providers. Between November 2024 and October 2025, Kaspersky products blocked more than 6.6 million attempts to access phishing links targeting users of online stores, payment platforms, and delivery services.
According to the data, 50.58% of these attacks directly targeted online shoppers. Attackers impersonated well-known retail brands by offering fake discounts or order confirmations and attempted to trick users into sharing login credentials or payment information.
Payment systems were the second most targeted category at 27.3%. These attacks typically involved the imitation of digital wallets, banking portals, or payment pages with the aim of stealing financial information. Delivery services ranked third at 22.12%, with users being redirected to malicious links through fake shipment notifications and parcel tracking messages.
Shopping Seasons Created Predictable Peaks for Attacks
Kaspersky’s analysis also emphasized a strong correlation between cyberattacks and major shopping periods. Seasonal discounts and major campaign periods consistently stood out as high-risk timeframes during which attackers intensified their activities each year.
During these periods, the increase in marketing messages, discounts, and limited-time offers reduced users’ level of vigilance. Phishing emails and scam messages blended more easily with legitimate campaign traffic, making them more effective. Attackers exploited the sense of urgency and excitement created by shopping festivals to encourage users to act quickly and carelessly.
Security experts stressed that this pattern repeats every year and highlighted the critical importance of increasing cybersecurity awareness during peak shopping periods. It was noted that retailers and e-commerce platforms should strengthen their monitoring and protection measures, while consumers should carefully verify even offers that appear to be trustworthy.