Ransomware surges 63 percent in Q2

The second quarter of this year has seen a 63 percent increase in publicly disclosed ransomware attack volumes, with a total of 276 incidents compared to Q2 2024, according to the latest report from BlackFog.

This represents the highest number of attacks for this timeframe since the company began tracking ransomware volumes in 2020. All three months in the quarter set a new high compared with the same time period in previous years. June saw 113 percent increase with a total of 96 attacks. There was a 51 percent increase in April with a total of 89 attacks, and a 40 percent increase in May with 91 attacks.

In terms of disclosed attacks, healthcare was the most targeted sector with 52 attacks. This was followed by the government sector, which recorded 45 attacks and the services industry with 33 attacks.

Retailers are firmly in the sights of attackers too the sector recording its highest ever Q2 attack volumes, with UK retailers in particular bearing the brunt of high-profile ransomware attacks. The number of publicly disclosed ransomware incidents in this sector jumped by 58 percent compared to Q1 2025.

Amongst 53 active ransomware groups, the Qilin ransomware gang took the lead as the most active, responsible for 10 percent (28) of disclosed attacks and 15 percent of those revealed on dark web leak sites. Earlier this year, CISA issued a formal warning after Qilin struck high profile targets in the UK and US with the group labelled a major risk to critical infrastructure.

The scale of activity below the radar remains significant with 80.9 percent of all ransomware attacks going unreported. Across Q2 there were 1,446 undisclosed ransomware attacks marking a 19 percent increase compared to the same quarter in 2024.

Dr. Darren Williams, founder and CEO of BlackFog says:

The findings lay bare the extent of the challenge that organizations face. The past few months have been especially punishing for global retailers, with prominent high street stores falling victim and absorbing the financial and operational fallout of these attacks.

The findings also highlight that, time and again, attackers are ultimately after one thing: data. This is yet another reminder that organizations must take decisive action to reduce the risk of exfiltration with controls and processes that form a protective ‘ring of steel’ around their most sensitive data to stop attackers in their tracks.

You can get the full report from the BlackFog site.

Image credit: lighthouse/depositphotos.com