Comparitech researchers have released a study looking at global ransomware statistics for the first half of 2025. With a breakdown of attacks per industry, per location, and per ransomware gang, this research found a 47% increase in ransomware attacks since 2024.
Key findings for H1 2025 include:
- 445 confirmed ransomware attacks
- 260 were on businesses
- 93 were on government entities
- 52 were on healthcare companies
- 40 were on educational institutions
- 3,182 unconfirmed attacks*
- 2,783 were on businesses
- 110 were on government entities
- 161 were on healthcare companies
- 90 were on educational institutions
- 17,070,617 records compromised in the confirmed attacks
- Average ransom demand of over $1.6M
- Akira was the most prolific ransomware group (347 victims – confirmed and unconfirmed), followed by Clop (333), Qilin (318), RansomHub (222), Play (214), and SafePay (186)
- The gangs with the most confirmed attacks were Qilin (40), RansomHub (27), Akira (25), SafePay (19), and INC (19)
The full research can be found here: https://www.comparitech.com/news/ransomware-roundup-h1-2025/
Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:
“We didn’t need any reminders of how stark the ransomware landscape is, but the fact that we’re seeing a 50 percent year-on-year increase in the number of attacks (when comparing H1 of 2024 to H1 of 2025) only serves to emphasize how companies, large and small, need to do everything they can to lower their risks of suffering from one of these attacks. Put simply–it’s not a case of if, it’s when.”
“While ransomware gangs continue to emerge, evolve, regroup, and change tactics, the basics around mitigating these risks remain the same. Keep software up to date, patch vulnerabilities as soon as they’re flagged, carry out regular system backups, have a plan in place if the worst should happen, and ensure staff are regularly trained.”
This should be a call to action for organizations big and small to do anything and everything to prevent ransomware attacks from being successful. Because the status quo of ransomware gangs running wild must not continue.
Like this:
Like Loading...
Related
This entry was posted on July 2, 2025 at 12:25 pm and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Ransomware Roundup: H1 2025 stats on attacks, ransoms, and active gangs
Comparitech researchers have released a study looking at global ransomware statistics for the first half of 2025. With a breakdown of attacks per industry, per location, and per ransomware gang, this research found a 47% increase in ransomware attacks since 2024.
Key findings for H1 2025 include:
The full research can be found here: https://www.comparitech.com/news/ransomware-roundup-h1-2025/
Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:
“We didn’t need any reminders of how stark the ransomware landscape is, but the fact that we’re seeing a 50 percent year-on-year increase in the number of attacks (when comparing H1 of 2024 to H1 of 2025) only serves to emphasize how companies, large and small, need to do everything they can to lower their risks of suffering from one of these attacks. Put simply–it’s not a case of if, it’s when.”
“While ransomware gangs continue to emerge, evolve, regroup, and change tactics, the basics around mitigating these risks remain the same. Keep software up to date, patch vulnerabilities as soon as they’re flagged, carry out regular system backups, have a plan in place if the worst should happen, and ensure staff are regularly trained.”
This should be a call to action for organizations big and small to do anything and everything to prevent ransomware attacks from being successful. Because the status quo of ransomware gangs running wild must not continue.
Share this:
Like this:
Related
This entry was posted on July 2, 2025 at 12:25 pm and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.