In the first six months of this year, ransomware attacks surged dramatically, with U.S. enterprises, small and medium-sized businesses (SMBs), and manufacturing firms being particularly affected.

According to data collected by NordStellar, from January to June, 4,198 ransomware incidents were discovered on the dark web — a 49% increase compared to the 2,809 cases reported in all of 2024.

"We've only reached mid-year, yet the number of ransomware attacks has nearly doubled, showing that these attacks continue to be effective and lucrative for cybercriminals, prompting them to intensify their operations," explained Vakaris Noreika, a cybersecurity analyst at NordStellar.

"Several reasons may explain the rise in ransomware activity, such as the growing prevalence of Ransomware as a Service (RaaS), broader attack surfaces due to remote or hybrid work setups, and economic instability that might push more individuals toward illegal income sources like cybercrime."

U.S. organizations suffered the most, with 596 incidents recorded — representing 49% of all cases — followed by Germany with 84, Canada with 74, the UK with 40, and Spain with 37.

"Not only does the U.S. host numerous high-value companies, but these businesses also tend to have higher public visibility. Therefore, they are more inclined to pay ransoms to minimize reputational damage caused by breaches," Noreika added.

"Tight regulatory requirements also play a role — strict laws around data protection and system uptime can pressure companies into resolving ransomware issues quickly to avoid penalties and loss of trust from clients and partners."

The manufacturing sector alone saw 223 cases, followed by construction with 97, and IT with 88 incidents.

Experts pointed out that this trend is likely due to difficulties in uniformly enforcing security across multiple geographically distributed sites, as well as reliance on outdated and unpatched systems.

Top ransomware groups of 2025 so far

Additionally, companies with 51 to 200 employees and annual revenues between $5 million and $25 million experienced the highest number of ransomware attacks.

This could be attributed to heavy dependence on third-party IT service providers and insufficient cybersecurity defenses, according to the report.

Qilin was the most active ransomware group during the second quarter of this year, carrying out 214 attacks, followed by SafePay — suspected of launching an assault on Ingram Micro earlier this month — with 201 incidents, and Akira with 200 attacks.

Researchers emphasized the need for cybersecurity education to combat phishing attempts, along with adopting multi-factor authentication (MFA) and strong password policies.

"Besides enhancing cybersecurity awareness, businesses should also develop a robust cybersecurity framework to identify threats before they escalate," said Noreika.

"This involves deploying endpoint protection tools, monitoring the dark web for possible data leaks, and closely managing the company's attack surface to address unpatched vulnerabilities promptly."

Be sure to follow php.cn on Google News for all our latest updates, insights, and reviews.

The above is the detailed content of The ransomware boom shows no signs of letting up – and these groups are causing the most chaos. For more information, please follow other related articles on the PHP Chinese website!