Ransomware attacks up over 120 percent in two years
Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. The number of publicly disclosed victims also saw a 24 percent increase from the previous year.
A new report from Black Kite shows this follows a steep rise in the previous period with an 81 percent surge, amounting to a 123 percent increase over two years. Ransomware was responsible for 67 percent of known third-party breaches.
The findings show 52 entirely new groups emerged in the last year, resulting in 96 active ransomware groups. Ransomware is no longer dominated by large syndicates. Today's organizations must contend against smaller groups that have less experience but the same intent to disrupt, extort, and repeat.
While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware presents a new set of challenges for defenders.
"Ransomware has evolved, not in sophistication but in strategy," says Ferhat Dikbiyik of Black Kite. "Since the fall of LockBit and AlphaV ransomware syndicates, the cybercriminal landscape has been defined by chaos and recalibration, with dozens of new actors that are unpredictable in how, where, and why. We are entering a new era of ransomware where the growth in victim count signals more than just an activity surge. There is a deeper shift in how ransomware groups operate and who they target, with small and mid-sized businesses becoming the new frontline. As the barriers are now lowered with less sophisticated but effective actors entering the field, organizations need to understand their cyber ecosystem risk by shifting their cybersecurity posture from visibility to anticipation and response to resilience."
The report notes there's also been an increase in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation. There's a rise in supply chain warfare too, with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations.
The full report is available from the Black Kite site.
Image credit: lighthouse/depositphotos.com