
BlackFog’s 2025 State of Ransomware Report Reveals 49% Increase in Attacks Year on Year
San Francisco, California – 12th February 2025 – BlackFog, the leader in ransomware prevention and anti data exfiltration (ADX), today unveiled its 2025 State of Ransomware Report, a detailed analysis of ransomware activity from publicly disclosed and non-disclosed attacks globally.
The report shows that ransomware activity continues to intensify, driven by the emergence of large-scale, AI-enabled attacks. As attackers prioritize speed, scale and stealth over disruption, 2025 marked a record-setting year for ransomware activity:
Key findings for 2025
- Publicly disclosed ransomware increased by 49% year on year. The total number reached a record high of 1,174 incidents, nearly four times higher than in 2020.
- There was a 37% rise in undisclosed attacks from 2024 – 2025.
Ransomware’s most dangerous players
A total of 130 different ransomware groups carried out attacks in 2025, spanning both new and more established operators. Of these, 52 were new ransomware groups emerging in 2025 – representing a 9% increase compared to 2024.
- Qilin’s activity surged, and in 2025 it was the most active ransomware group across both disclosed and undisclosed attacks, claiming a total of 1,115 victims.
- Akira ranked second for disclosed attacks and third for undisclosed activity. In total, this group was linked to 776 total recorded attacks over the year.
- Play secured third place for disclosed attacks, accounting for 5% of the annual total, while INC ranked second in undisclosed activity, with 66 victims claimed.
Large‑scale, AI‑enabled attacks have arrived
2025 also saw the arrival of large-scale AI-enabled attacks when attackers hijacked Anthropic’s Claude model to autonomously perform reconnaissance, exploitation, and data theft – a first‑of‑its‑kind AI‑led cyberattack.
Retail sector in the spotlight, healthcare still the most targeted sector
With high-profile attacks affecting brands such as M&S, Cartier, Chanel, and other luxury retailers and fashion houses, the retail sector saw increased targeting. In terms of volume, the healthcare sector was once again the most targeted vertical sector, accounting for 22% of all disclosed ransomware attacks in 2025.
Nearly all sectors experienced increased attack volumes, with the services industry more than doubling year-on-year, recording a 118% increase. Education was the only sector to see a decline, with attacks decreasing by approximately 12%.
No nation is immune: 69% of all countries worldwide impacted
The report reveals the global threat of ransomware with organizations across 135 countries (69%) impacted by attacks in 2025. Among disclosed ransomware incidents, the United States remained the primary target, accounting for 58% of all recorded attacks. Australia and the United Kingdom followed, with 110 and 42 attacks respectively.
For undisclosed attacks, the US again topped the list, suffering 3,768 incidents. Canada followed, accounting for 6% of undisclosed attacks, with Germany close behind at 4%.
2025 also saw intense country-specific attacks with the Qilin ransomware group launching a sustained and highly targeted campaign against South Korean organizations – one of the most concentrated national attacks of the year.
Sharp rise in ransomware under the radar – 86% of all attacks are undisclosed
There was a sharp rise in undisclosed ransomware activity in 2025, with 7,079 victims announced by ransomware groups on dark web leak sites, representing a 37% increase compared to 2024. These figures indicate that approximately 86% of ransomware attacks are never publicly reported.
Dr Darren Williams, Founder and CEO of BlackFog, comments:
“The global impact of ransomware across 2025 has been unprecedented. From high street chains to hospitals, ransomware doesn’t respect borders, the size of organization or the sector you’re in. It’s brought vital services, established companies – and the smaller partners who depend on them – to a grinding halt.
“Yet the disruption they cause is only part of the story. Attackers aren’t just breaking in – they’re intent on stealing data to power extortion. By weaponizing AI they can outpace defenders at a new scale and use stealthy targeted techniques to slip past traditional security measures. Putting protections in place to close these gaps and prevent data exfiltration has to take priority as attackers focus on targeting organizations’ most sensitive information.”
For a detailed look into the findings, download BlackFog’s 2025 State of Ransomware Report.
Methodology
This report was generated in part from data collected by the BlackFog Console over the specific report period January – December 2025. It highlights significant events that prevented or reduced the risk of ransomware or a data breach and provides insights into global trends for benchmarking purposes. This report contains anonymized information about data movement across hundreds of organizations and should be used to assess risk associated with cybercrime.
Industry classifications are based upon the ICB classification for Supersector used by the New York Stock Exchange (NYSE).
All recorded events are based upon data exfiltration from the device endpoint across all major platforms.
About BlackFog
BlackFog is a global AI-based cybersecurity company that pioneered on-device anti data exfiltration (ADX) technology, delivering advanced protection against ransomware, data loss, and the rapidly growing threat of shadow AI. Its ADX platform ensures organizations can prevent unauthorized data movement, whether driven by cybercriminals or ungoverned AI tools, safeguarding customer data and trade secrets.
BlackFog recently won the coveted Cybersecurity Breakthrough Award for AI-based Cybersecurity Innovation of the Year. The company also won Gold at the 2025 Globee Awards for Best AI-Driven Data Protection Solution and for its State of Ransomware report.
Trusted by hundreds of organizations worldwide, BlackFog is redefining modern cybersecurity practices. For more information visit blackfog.com.





