Ransomware Attacks Rise Again: What’s Fueling the Surge?

Ransomware attacks are rising sharply again, with ex-RaaS groups like Lockbit leading the charge. This article explores the factors fueling the resurgence and provides essential security insights and best practices for defending your organization.

  • Recent ransomware attacks in 2025 are hitting critical sectors harder than ever.
  • The increase in ransomware attacks is tied to AI-driven malware, leak sites, and ransomware-as-a-service.
  • The rise of ransomware attacks shows no signs of slowing, with ransomware statistics predicting continued growth.

Ransomware on the Rise in 2025

The rise in ransomware attacks has once again placed businesses and governments under intense pressure. Experts warn that this rise is more than a passing trend: it is a structural shift in cybercrime.

The latest ransomware attacks are not only targeting IT systems but also exploiting human vulnerabilities. As recent ransomware attacks demonstrate, attackers are becoming more sophisticated in exploiting weak security awareness and outdated defenses.

Recent Ransomware Attacks: A Wake-Up Call

Some of the most recent ransomware attacks in 2025 have crippled hospitals, factories, and even universities. These recent ransomware attacks highlight three disturbing trends:

  • Double Extortion – Data is stolen before being encrypted, increasing leverage.
  • Leak Sites – Platforms like HiveLeaks are being used to publish stolen information.
  • Rapid Ransomware – Faster encryption techniques minimize defenders’ response time.

10 Recent Ransomware Attacks in 2025

Here is a list of 10 notable ransomware attacks reported in 2025, compiled from cybersecurity reports and news sources. These incidents highlight the ongoing surge in ransomware activity, particularly targeting healthcare, manufacturing, and critical infrastructure. I've included the date (where available), victim, attacker (if identified), and a brief summary of the impact.

| # | Source | Description |
|---|--------|-------------|
| 1 | Sophos State of Ransomware 2025 | Comprehensive global survey of 3,400 IT pros across 17 countries, covering attack trends, costs, and recovery stats for 2025. |
| 2 | BlackFog The State of Ransomware 2025 | Monthly tracking with 92 incidents in January alone; details groups like RansomHub and victims like MetLife and AWS users. |
| 3 | CyFIRMA Tracking Ransomware: May 2025 | Analysis of 545 incidents, focusing on emerging groups like SafePay (e.g., Ingram Micro attack) and sector impacts. |
| 4 | CyFIRMA Tracking Ransomware: June 2025 | Covers 463 victims, including Qilin-led attacks on professional services; notes declines in groups like SafePay. |
| 5 | CM Alliance: Major Cyber Attacks – August 2025 | Roundup of breaches like DaVita (healthcare) and Farmers Insurance; sources from Bleeping Computer and Recorded Future. |
| 6 | CM Alliance: Major Cyber Attacks – June 2025 | Details incidents like WestJet and The Washington Post; emphasizes preparation via tabletop exercises. |
| 7 | CM Alliance: Major Cyber Attacks – May 2025 | Focuses on UK retail hits like Marks & Spencer; includes new malware and vulnerability advisories. |
| 8 | CM Alliance: Major Cyber Attacks – July 2025 | Covers attacks on Louis Vuitton and U.S. Nuclear Weapons Agency; stresses cyber resilience. |
| 9 | Palo Alto Networks Unit 42: Q1 2025 Ransomware Trends | Examines 86% business disruption rate; highlights groups like Moonstone Sleet and novel extortion tactics. |
| 10 | Recorded Future: H1 2025 Malware and Vulnerability Trends | Tracks ransomware evolution, including CLOP's return and TTPs like ClickFix social engineering. |
| 11 | HIPAA Journal: Q1 2025 Ransomware Report | Records 278 incidents (up 45% YoY); RansomHub dominant, healthcare ranked 6th for undisclosed attacks. |
| 12 | CRN: 10 Major Cyberattacks in 2025 (So Far) | Includes Ingram Micro (SafePay) and Microsoft SharePoint exploits; notes Scattered Spider's role. |
| 13 | TechTarget: Ransomware Trends 2025 | Stats show 59% of orgs hit in 2024, with 149% U.S. surge in 2025; covers variants like Black Basta. |
| 14 | Help Net Security: Resilience 2025 Cyber Risk Trends | Average claim size $1.18M (up 17%); highlights vendor outages like Change Healthcare. |
| 15 | Spin.AI Ransomware Tracker 2025 | Ongoing tracker with healthcare focus (e.g., Delta County); predicts $265B global costs by 2031. |

Table 1: 10 Recent Ransomware Attacks in 2025

Why Are Ransomware Attacks on the Rise?

Cybersecurity analysts continue to ask: Why are ransomware attacks on the rise?

The answer lies in four main drivers:

  • Growth of Ransomware-as-a-Service: Criminals rent out malware kits, fueling the growth of ransomware globally.
  • AI-powered social engineering: Attackers mimic trusted sources with deepfakes and phishing, leading to virus attacks that bypass traditional filters.
  • Geopolitical cyberwarfare: Nation-states use ransomware as a disruption tool.
  • Weak human defenses: Despite training, many still fall for phishing, enabling ransomware infiltration.

The conclusion: ransomware attacks in 2025 are faster, smarter, and more ruthless than ever.

Ransomware Statistics 2025: The Numbers

Here are some updated ransomware statistics that show the scale of the crisis:

  • The growth of ransomware continues at 15% annually.
  • Over 70% of organizations hit by a recent ransomware attack face repeat incidents within 12 months.
  • The average ransom demand has exceeded $1.5 million.
  • The majority of the latest ransomware campaigns are linked to leak sites and affiliate networks.

These numbers answer the common question: Are ransomware attacks increasing? Absolutely yes.

HiveLeaks, Leak Sites, and Extortion

The rise of HiveLeaks and other leak sites signals a dangerous shift in tactics. Victims who refuse to pay face not only encrypted files but also public exposure of sensitive data.

This dual-threat model ensures that even those with backups feel pressure to comply. That’s why the latest ransomware attack is rarely just about locked files—it’s also about reputation and trust.

Is Ransomware on the Rise? The Clear Answer

Many CISOs ask: Is ransomware on the rise? The data leaves no doubt. With ransomware attacks in 2025 already surpassing 2024 numbers, the world faces a cybercrime model that thrives on disruption, fear, and profit.

Whether it’s the most recent ransomware attacks or the latest ransomware strains, the message is clear: organizations must evolve their defenses.

8 Reasons Why Ransomware Attacks Are on the Rise in 2025

Ransomware attacks are escalating at an alarming pace, driven by factors like the rise of remote work, growing use of cryptocurrency for anonymous payments, and the availability of ransomware-as-a-service on the dark web. Cybercriminals are becoming more organized, targeting high-value sectors, and exploiting security gaps faster than organizations can close them—making it crucial to understand why these attacks are surging and how to defend against them.

1. Ransomware-as-a-Service (RaaS) resurgence

Ex-Ransomware-as-a-Service (RaaS) groups are back in the game, and many have adapted their models to become more difficult for organizations to defend against. RaaS groups like Lockbit 3.0 have updated their ransomware packages, providing them to affiliates who launch attacks for a cut of the profits.

This decentralized business model means even small-time hackers can execute sophisticated attacks. For instance, Lockbit’s model helped it conduct ten times more attacks in July than in December. If attackers can use updated ransomware with a low technical barrier, it’s clear why the RaaS ecosystem has gained renewed momentum.

2. Increased reliance on leak sites and data monetization

Ransomware groups have refined their methods for monetizing stolen data. Leak sites have become crucial to their extortion methods, often creating more pressure for victims to pay. By threatening to publish sensitive information, attackers force companies to consider the reputational and financial repercussions of data leaks.

NCC Group’s data collection from these leak sites illustrates how integral these sites have become. If ransom is unpaid, the attackers release the data publicly, amplifying the risk of regulatory penalties for businesses and increasing payout rates. This tactic has quickly become a primary way for ransomware groups to turn breached data into profits.

3. Double and triple extortion tactics

A sharp rise in double and triple extortion tactics has made ransomware attacks more potent. In double extortion, attackers encrypt data and threaten to release it publicly. In triple extortion, attackers increase pressure by contacting clients or suppliers of the breached organization. This expanded extortion approach increases the likelihood of payouts, motivating ransomware groups to push for even greater intensity in their operations.

4. Exploiting supply chain and third-party vulnerabilities

In the face of heightened security measures, ransomware groups have turned their focus to supply chain vulnerabilities. Attackers increasingly target third-party vendors or partners with weak security practices, which often serve as backdoor entry points to larger companies. This tactic has proven successful for groups like BlackBasta and HiveLeaks, both of which saw significant growth in July by leveraging these alternative entry points.

5. Advanced automation and AI in attacks

Incorporating AI and automation, ransomware groups are enhancing the precision and speed of attacks. With AI-driven scanning and automated vulnerability detection, ransomware groups can pinpoint the most vulnerable organizations quickly, enabling them to launch more attacks simultaneously.

This technology-driven approach has led to unprecedented growth for groups like Lockbit, which are now executing large-scale attacks that evade traditional security measures.

6. Law enforcement challenges and international factors

Many ransomware groups operate from countries with limited law enforcement collaboration, giving them freedom to operate with little interference. As ransomware groups have become highly organized and resourceful, they continue to evade capture, especially in jurisdictions with minimal regulation of cybercrime.

This lack of enforcement allows groups like Lockbit, HiveLeaks, and others to act boldly and remain active players in the ransomware landscape.

7. Competition among cybercrime groups

Ransomware groups are not only targeting organizations; they’re competing with each other for dominance. HiveLeaks and BlackBasta, with attack rate increases of 440% and 50% respectively, have ramped up operations in response to Lockbit’s aggressive tactics. As each group works to establish dominance, the outcome is a sharp increase in attack rates across the board.

This competitive dynamic further incentivizes groups to develop unique attack methods and escalate their efforts, putting organizations at heightened risk of ransomware attacks.

Protecting Against the Rise of Ransomware Attacks

To counter the increase in ransomware attacks, businesses should focus on:

Organizations that ignore these measures will likely end up on the next list of current ransomware attacks.

How to Prevent Ransomware?

The recent surge in ransomware attacks signals the need for a multi-faceted defense strategy. Organizations can take several steps to protect themselves against the escalating threat:

  • Implement multi-layered security protocols that cover both internal and third-party access points.
  • Train employees regularly with security awareness training to detect phishing and ransomware attempts.
  • Back up data frequently and test restore capabilities to mitigate damage in case of a successful attack.
  • Invest in incident response planning to contain breaches before they escalate.

With robust cybersecurity practices in place, businesses can reduce their vulnerability and respond effectively to ransomware attacks.

References

  • Sophos State of Ransomware 2025 - https://www.sophos.com/en-us/content/state-of-ransomware
  • BlackFog The State of Ransomware 2025 - https://www.blackfog.com/the-state-of-ransomware-2025/
  • CyFIRMA Tracking Ransomware: May 2025 - https://www.cyfirma.com/research/tracking-ransomware-may-2025/
  • CyFIRMA Tracking Ransomware: June 2025 - https://www.cyfirma.com/research/tracking-ransomware-june-2025/
  • CM Alliance: Major Cyber Attacks - August 2025 - https://www.cm-alliance.com/cybersecurity-blog/major-cyber-attacks-ransomware-attacks-and-data-breaches-august-2025
  • CM Alliance: Major Cyber Attacks - June 2025 - https://www.cm-alliance.com/cybersecurity-blog/major-cyber-attacks-ransomware-attacks-and-data-breaches-of-june-2025
  • CM Alliance: Major Cyber Attacks - May 2025 - https://www.cm-alliance.com/cybersecurity-blog/may-2025-biggest-cyber-attacks-ransomware-attacks-and-data-breaches
  • CM Alliance: Major Cyber Attacks - July 2025 - https://www.cm-alliance.com/cybersecurity-blog/july-2025-biggest-cyber-attacks-ransomware-attacks-and-data-breaches
  • Palo Alto Networks Unit 42: Q1 2025 Ransomware Trends - https://unit42.paloaltonetworks.com/2025-ransomware-extortion-trends/
  • Recorded Future: H1 2025 Malware and Vulnerability Trends - https://www.recordedfuture.com/research/h1-2025-malware-and-vulnerability-trends
  • HIPAA Journal: Q1 2025 Ransomware Report - https://www.hipaajournal.com/q1-2025-ransomware-report/
  • CRN: 10 Major Cyberattacks in 2025 (So Far) - https://www.crn.com/news/security/2025/10-major-cyberattacks-and-data-breaches-in-2025-so-far
  • TechTarget: Ransomware Trends 2025 - https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts
  • Help Net Security: Resilience 2025 Cyber Risk Trends - https://www.helpnetsecurity.com/2025/09/12/resilience-2025-cyber-risk-trends/
  • Spin.AI Ransomware Tracker 2025 - https://spin.ai/resources/ransomware-tracker/

Editor's Note: This blog was updated on September 18, 2025.

Frequently Asked Questions

Are ransomware attacks increasing in 2025?

Yes, there is a sharp increase in ransomware attacks compared to previous years.

What are the most recent ransomware attacks?

The most recent ransomware attacks have targeted hospitals, factories, and universities across the U.S. and Europe.

Why are ransomware attacks on the rise again?

Because of AI-powered malware, the growth of ransomware-as-a-service, and the rise of leak sites like HiveLeaks.

What do ransomware statistics show for 2025?

Ransomware statistics confirm higher ransom demands, shorter attack times, and more repeat incidents.