First quarter of 2025 sees record numbers of ransomware attacks

New findings from threat protection platform BlackFog show the first quarter of 2025 has seen record-breaking numbers of publicly disclosed ransomware attacks, marking a 45 percent increase compared to Q1 of 2024.

Analysis of ransomware activity in the period from January to March saw records set each month. Both January and February set new monthly records for disclosed attacks, with increases from 2024 of 22 percent and 36 percent, respectively while March recorded the largest number of disclosed attacks since BlackFog began tracking in 2020, with 107 attacks -- an 81 percent increase compared with March 2024.

Healthcare was the most targeted sector with 57 attacks, followed by the services industry, which recorded 44 attacks, and the government sector with 30 attacks. Together, attacks on these three sectors accounted for nearly half (47 percent) of all disclosed incidents in the quarter.

RansomHub remains among the most active ransomware groups and was responsible for nine percent of disclosed attacks in the first three months of 2025 (a total of 24 attacks). Next was Qilin, accounting for 15 attacks and Akira with 14. Other groups accounted for 81 percent (225) of all disclosed attacks.

The rate of data exfiltration has continued to rise too, with 95 percent of all publicly disclosed attacks in this period involving data exfiltration.

Dr. Darren Williams, founder and CEO of BlackFog, says, "Ransomware incident volumes are reaching unprecedented levels. This presents ongoing challenges for organisations dealing with attackers focused on disruption, data theft and extortion. Different groups will emerge and disband, but they all focus on the same end goal, data exfiltration."

The full Quarterly Ransomware Report is available from the BlackFog blog.

Image credit: Benjawan Sittidech/Dreamstime.com