Global ransomware attacks increased by 50% last year, making 2025 a record-breaking year for ransomware activity globally.
Cybersecurity firm NCC Group registered a total of 7,874 cybersecurity incidents last year, including ransomware attacks on high-profile targets such as Marks & Spencer, Co-op, and Harrods.
With 1,022 cyberattacks to its name, Qilin was the most prolific ransomware operation of 2025. The ransomware group stole 27GB of data from Japan’s largest brewer, Asahi. The gang also claimed responsibility for attacks on Nissan, Volkswagen, and Scientology.
Other infamous extortion groups in 2025 were Akira, with 775 attacks, and Cl0p, with 517 attacks. LockBit 3.0 dropped out of the 10 following ongoing international law enforcement actions.
Scattered Spider, which has been linked to multiple high-profile attacks in the United States and the United Kingdom, including Marks & Spencer, didn’t make it into the top 10.
Not surprisingly, big business was the most targeted sector in 2025, accounting for 2,190 attacks, which is an increase of 54% compared to 2024. It remains a beloved target for hackers because of its interconnected supply chains: a cyberattack on one business affects numerous manufacturers all across the board. That’s why the incident at Jaguar Land Rover was named “the most damaging event” in the history of the United Kingdom.
According to the NCC Group’s Annual Cyber Threat Intelligence 2025 report, North America was the most targeted region in 2025, accounting for 56% of all recorded cyberattacks. Europe represented 22% of claimed incidents, followed by Asia at 12%.
Matt Hull, Vice President of Cyber Intelligence and Response at NCC Group, says that artificial intelligence (AI) is a significant instigator of the rise in the number of cyberattacks.
“Nearly 8,000 ransomware attacks in a single year suggest that disruption at this scale is becoming normalized. The top players may change, but the threat is accelerating, not slowing. What’s different now is the industrialization of ransomware. AI-driven tools and commoditized kits mean the barrier to entry has collapsed, and attackers can scale faster and adapt more quickly,” he states in a press release.
Hull recommends that businesses and organizations invest more in cyber resilience. If not, they are putting themselves at “serious operational and financial risk.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked