Global ransomware activity has surged to unprecedented levels, with over 2,000 attacks recorded in just the first quarter of 2025, according to a new Cybernews Q1 report. Using their Ransomlooker tracking tool, researchers identified 2,028 known ransomware victims, marking a staggering 101.8% increase compared to the same period in 2024.
The report paints a grim picture of the evolving cyber threat landscape. Sixty-five ransomware gangs were active in Q1 2025, up from 47 last year, with 14 of them either newly formed or rebranded. The growing number of groups reflects an increasingly fragmented and aggressive ransomware ecosystem.
Unlike in previous years, attackers appear to be taking a more strategic, high-value approach. Rather than targeting small businesses or local governments, ransomware gangs are now focusing on high-revenue Fortune 500 companies, aiming for maximum disruption and massive ransom payouts.
According to Cybernews, the top 10 victims in Q1 2025 had a combined annual revenue of $329.8 billion, which means potential ransom demands (typically around 1% of revenue) could exceed $3.3 billion.
Key Insights:
- LockBit, once the most active ransomware group, has dramatically dropped in activity — from 219 attacks in Q1 2024 to just 23 in Q1 2025, falling to 21st place.
- The most aggressive actors this quarter were Cl0p, Akira, and RansomHub.
- The United States remains the most targeted country, with 783 known cases, followed by Canada and the UK.
- Industries under greatest threat include manufacturing and industrial, consumer and retail services, technology, transportation, and business services.
Cybernews warns that the implications of this shift toward enterprise-scale targets extend far beyond company balance sheets. Disruptions caused by ransomware attacks can ripple through supply chains, transportation systems, and public services, putting everyday operations and consumers at risk.
As ransomware gangs become more specialized and daring, experts urge organizations — especially those in high-risk sectors — to invest heavily in proactive cybersecurity strategies, including zero-trust frameworks, employee training, and real-time threat monitoring.
ReadNext
