New data from BlackFog shows publicly disclosed ransomware attacks continued to set new records in the third quarter of this year, with 270 attacks -- a 36 percent increase compared to the same quarter in 2024 (198 attacks). This also represents a 335 percent increase since Q3 2020, underscoring the continued rise in attacks over the last five years.

Between July and September, publicly disclosed attacks were attributed to 54 ransomware groups. As in Q2, the Qilin ransomware gang was the most active, responsible for 20 incidents during the period. Notably, approximately 40 percent (107) of reported attacks have not yet been attributed to any known ransomware group.

The quarter also saw the emergence of 18 new ransomware groups, several linked to high-profile incidents targeting large organizations. Among these, the newcomer DEVMAN made a significant impact, with 19 attacks across Asia, Africa, Europe, and Latin America. It was also behind one of the largest demands seen this year, a $91 million demand against Chinese real estate giant Shimao Group.

Dr. Darren Williams, founder and CEO of BlackFog, says:

This has been a quarter in which the fallout of cyberattacks has continued to have a long and lasting impact. From grounded aircraft and stranded passengers to manufacturers forced to halt production, the disruption has been significant. Operations at Jaguar Land Rover, for instance, only recently resumed following the August incident, while numerous smaller suppliers are still counting the cost. At the other end of the scale, we’ve seen attackers pulling no punches when it comes to the type of company -- and data -- they target. The attack on a UK nursery chain, Kido, in September marked a new low when it emerged that information on children, parents, and carers was taken. As ransomware volumes show a continued upward trend, the best option for organizations is to make it as hard as possible for cybercriminals to take advantage of them. That means protecting data so that they have no leverage for extortion and, critically, no incentive to return.

In terms of publicly disclosed attacks, healthcare was once again the most targeted sector with 86 attacks -- accounting for 32 percent of all incidents. This was followed by the government and technology sectors, each reporting 28 attacks.

Among attacks not disclosed publicly, the manufacturing sector was hit hardest, accounting for 22 percent of all incidents. Close behind is the services sector, with 333 incidents, while the construction industry entered the top three for the first time with 143 attacks. Nearly 85 percent of all ransomware attacks (estimated at 1,510) went unreported in Q3.

You can get the full report from the BlackFog site.

Image credit: lighthouse/depositphotos.com