CyberSecurityBoard
Sponsor Register Login

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

The first quarter of 2025 has witnessed an unprecedented surge in ransomware attacks, with 2,314 victims listed across 74 unique data leak sites, representing a staggering 213% increase compared to the 1,086 victims recorded in the same period last year. The retail sector experienced particular devastation during this campaign, with Cl0p responsible for nearly half of all retail victims in Q1 2025, highlighting how supply chain vulnerabilities can cascade across entire industry verticals when exploited by determined threat actors. Optiv analysts identified that Cl0p’s February 2025 campaign alone resulted in 389 victims, demonstrating the devastating impact of supply chain vulnerabilities when weaponized by skilled threat actors. Perhaps most striking is the dramatic shift in the ransomware hierarchy, with Cl0p emerging as the dominant threat actor after listing 358 victims in Q1 2025, compared to just 93 victims throughout all of 2024. Notably, the previously dominant LockBit ransomware operation has continued its decline following law enforcement disruption in February 2024, dropping to 22nd position with only 24 victims listed in Q1 2025. The Cl0p ransomware, first identified in February 2019 as an evolution of the 2016 CryptoMix variant, employs sophisticated obfuscation techniques and is digitally signed with legitimate certificates to evade security detection. This dramatic escalation marks a significant departure from the relatively stable ransomware landscape observed throughout 2024, where threat actors appeared to focus on highly targeted attacks rather than volume-based campaigns. The ransomware ecosystem has undergone substantial transformation, with 74 active ransomware groups operating data leak sites in Q1 2025, up from 56 variants in the corresponding period of 2024. This campaign exemplifies the evolution of ransomware tactics, where groups leverage supply chain vulnerabilities to achieve maximum impact with minimal effort. The most significant development in Q1 2025 was Cl0p’s sophisticated exploitation of CVE-2024-50623 and CVE-2024-55956, two zero-day vulnerabilities discovered in Cleo’s managed file transfer software.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Jul 2025 10:55:14 +0000


Cyber News related to 213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
4 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
3 months ago Cybersecuritynews.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
Samsung 'Sees Fourth-Quarter Chip Rebound' - Analysts expect Samsung to show lowest profit drop in six quarters in latest sign of semiconductor market recovery. Samsung Electronics is expected to report a smaller drop in profits than has become usual over the past year and a half, in the latest ...
1 year ago Silicon.co.uk
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Threat landscape for industrial automation systems, Q1 2024 - In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS ...
1 year ago Securelist.com
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
Best Ransomware Protection Practices for Midsize Organizations - Ransomware Protection has emerged as a crucial step in cybersecurity since ransomware attacks have become a major threat to businesses of all sizes, including midsize organizations. Ransomware attacks can be delivered via email attachments or links, ...
1 year ago Securityboulevard.com
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025 - The first quarter of 2025 has witnessed an unprecedented surge in ransomware attacks, with 2,314 victims listed across 74 unique data leak sites, representing a staggering 213% increase compared to the 1,086 victims recorded in the same period last ...
5 days ago Cybersecuritynews.com CVE-2024-50623 LockBit
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Ransomware review: January 2024 - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. In February, there were 376 ransomware victims, marking an unusually active month for the historically subdued time period. February didn't ...
1 year ago Malwarebytes.com LockBit Black Basta
ICS Ransomware Danger Rages Despite Fewer Attacks - Despite takedowns of top ransomware groups, those remaining threat actors have continued to develop new tricks, while maintaining their ability to capitalize on zero-day vulnerabilities, helping them do more damage to industrial control systems with ...
1 year ago Darkreading.com LockBit BianLian Akira Ragnar Locker Black Basta
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware - COMMENTARY. The US government is ramping up efforts to stem the increasingly disruptive scourge of ransomware attacks. The State Department recently offered up to $15 million for information on LockBit, and $10 million for information on the ...
1 year ago Darkreading.com LockBit
Ransomware Attacks in November Rise 67% From 2022 - Global levels of ransomware attacks rose 30% in November, with a total of 442 attacks, following a lower volume of attacks in October according to NCC Group's November Threat Pulse. As the third most active month of the year, ransomware levels in ...
1 year ago Darkreading.com Carbanak LockBit
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
9 months ago Securelist.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Ransomware Wreaks Havoc on Businesses Struggling to Bolster Digital Security Measures - In an alarming trend that shows no signs of abating, ransomware attacks continue to devastate businesses worldwide as organizations struggle to strengthen their digital security infrastructure amid rising threats. January 2025 marked a grim milestone ...
1 month ago Cybersecuritynews.com Black Basta Dragonforce

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)