Ransomware crisis escalates to "unprecedented" new heights
Extortion gangs run riot as publically disclosed ransomware attacks reach a record-breaking level - again.
Ransomware attacks surged to a record-breaking high in the first quarter of 2025.
That's according to research from security firm BlackFog, which found that the number of publicly disclosed ransomware attacks in Q1 reached the highest level since its records started in 2020.
From January to March, there were a total of 278 incidents - a 45% increase from Q1 2024.
March set a new high, with 107 incidents - the largest number of disclosed attacks BlackFog has witnessed in a single month and an 81% increase compared with March 2024.
That grim new milestone came after records were set in both January and February, with 22% and 36% increases from 2024 respectively.
Dr. Darren Williams, Founder and CEO of BlackFog. said: "Ransomware incident volumes are reaching unprecedented levels. This presents ongoing challenges for organisations dealing with attackers focused on disruption, data theft and extortion. Different groups will emerge and disband, but they all focus on the same end goal, data exfiltration."
Healthcare was the most targeted sector with 57 attacks, followed by the services industry, which recorded 44 attacks, and the government sector with 30 attacks.
Together, attacks on these three sectors accounted for nearly half (47%) of all disclosed incidents in the quarter.
The figures for undisclosed attacks "reveal the true extent of the rise in ransomware", Blackfog said. During the last quarter, there were 2,124 undisclosed attacks, a 113% year-on-year increase.
This suggests that companies are still failing to disclose ransomware incidents publicly when they are targeted, Blackfog warned.
The services industry was the hardest hit, accounting for 22% (475) of all undisclosed attacks in Q1.
After a "swathe" of attacks in 2024, RansomHub continued to be among the most active ransomware groups and was responsible for 9% of disclosed attacks in the first three months of 2025 (a total of 24).
Following behind was Qilin, accounting for 15 attacks, and Akira with 14 attacks. Other groups carried out 81% (225) of all disclosed attacks.
The rate of data exfiltration has continued to rise, with 95% of all publicly disclosed attacks in this period involving data exfiltration.
This report was generated from data collected by BlackFog Enterprise, which was used to provide insights into global trends for benchmarking.
Get the full list of attacks here.
Have you got a story or insights to share? Get in touch and let us know.
