Ransomware attacks continue to rise in 2025, with 6,330 cases recorded so far, underscoring escalating risks for small and medium-sized businesses
The latest data analyzed by NordStellar, a threat exposure management platform, reveals that the number of ransomware incidents in 2025 is continuing to grow. Between January and September 2025, 6,330 ransomware cases were exposed on the dark web, representing a 47% increase compared to the 4,293 cases recorded in the same period last year.
“So far this year’s results are highlighting a worrying trend — the number of ransomware cases continues to grow steadily,” says Vakaris Noreika, cybersecurity expert at NordStellar. “The majority of the growth we’re witnessing right now is most likely a direct result of the increase in ransomware-as-a-service (RaaS) that allows cybercriminals to scale their attacks and has lowered the entry barrier for bad actors. Another key factor is the significant increase in the number of active ransomware groups, which has reached an all-time high.”
Noreika explains that the number of active ransomware groups has been consistently increasing over the past five years. In September alone, NordStellar traced back the ransomware incidents to 66 different groups.
Prime targets in Q3 2025: The US, SMBs, and the manufacturing industry
In July-September 2025, 1,943 ransomware cases were exposed on the dark web, a 31% increase compared to the same period in 2024 (1,484 cases). US businesses were the most targeted, accounting for 54% of the 1,274 cases that could be traced to specific victim countries. Canada holds the second spot with 62 incidents, followed closely by Germany (60), the United Kingdom (54), and France (35).
“The findings mirror the results we have been seeing all year,” explains Noreika. “The US is home to numerous profitable public businesses, and this, coupled with strict regulations, makes them an attractive target for cybercriminals. Their potential for high profitability, combined with a higher likelihood of meeting ransomware demands to resolve incidents quickly, increases the chances of success for attackers.”
Ransomware data from July to September 2025 revealed that the manufacturing industry was the most affected by ransomware, with 245 cases, mirroring the results of the previous quarters. It was followed by professional, scientific, and technical services (107), information technology (103), construction (91), and financial services (69).
“Companies operating in the manufacturing industry experience high operational downtime costs, making them more inclined to give in to ransomware demands to resolve the incident as soon as possible. They also often rely on outdated or unpatched software and systems and are more likely to experience supply chain vulnerabilities due to reliance on third-party vendors, partners, and logistics providers,” says Noreika.
He explains that companies operating in the professional, scientific, and technical services industry often work with confidential customer data, intellectual property, and critical business tools, making them an attractive target for ransomware actors. According to Noreika, businesses in the information technology industry are targeted because they handle large volumes of valuable data and are key components of the supply chain. This means that attacking them can spread ransomware to multiple businesses simultaneously.
Small and medium-sized businesses (SMBs) were the most affected. The data revealed that organizations with up to 200 employees and revenues of up to $25 million experienced the most attacks.
“As in the first half of 2025, SMBs continue to remain the primary targets for ransomware. Ransomware actors usually perceive smaller businesses as lower-risk targets because they might lack a sophisticated IT infrastructure, operate on low cybersecurity budgets, and not have the means to investigate or report attacks to authorities,” says Noreika.
He adds that smaller revenue companies may also be more likely to meet attackers’ demands since the cost of downtime, data loss, or reputational damage from a full-blown ransomware attack could devastate the business financially. As a result, many of them could view paying the ransom as the only option, making them a higher success target for ransomware attackers.
Old players take the lead
The ransomware group Qilin was responsible for the most attacks in Q3 2025, with 241 incidents, and continues to hold the number one spot from the previous quarter. It’s followed by Akira (190), INC Ransom (146), Play (102), and Safepay (92).
“Qilin, Akira, and Play are more experienced players, active from 2022-2023, and are known for their double extortion models and large victim scope. They are also more likely to keep their operations in-house, without utilizing or offering RaaS, so as not to compromise their operations,” says Noreika. “Safepay is the youngest group, first detected in the fall of last year, but so far has been consistently among the top perpetrators this year. INC Ransom was first discovered in late 2023 and is generally lesser-known. However, this year, they have been quite consistent with their attacks as well.”
According to Noreika, ransomware groups are highly organized. He explains that business leaders are not always fully aware of the danger they pose — for example, that they often seek out top talent in cybersecurity or might even recruit insiders to carry out a targeted attack against an organization, making them a threat that companies cannot afford to underestimate.
Main mistakes that make a business more vulnerable to ransomware
Noreika explains that the first step in making a company ransomware-resistant is prevention. He highlights cybersecurity hygiene as the primary foundation.
“Most attacks happen due to user error. As a result, raising cybersecurity awareness and increasing training, as well as promoting good cybersecurity hygiene, is the basic first step,” says Noreika.
He continues by saying that employees who can recognize phishing scams, understand the importance of proper password management, and recognize the necessity and importance of utilizing tools like multi-factor authentication or a VPN are less likely to open the company’s network to cyber intruders.
“Another important factor is monitoring and addressing unknown cybersecurity gaps. With more businesses embracing hybrid or remote work models, introducing unmanaged devices and relying on third-party vendors, the attack surface is expanding, and any endpoint can be exploited,” says Noreika.
To stay ahead of attackers, he advises companies to monitor for external vulnerabilities before they are exploited, as well as any potential data leaks on the dark web, to minimize the possibility of a more sophisticated attack. Noreika emphasizes that recovery plans and backing up critical data are among the essential steps to reduce the impact of a potential ransomware incident.
Disclaimer: While the total number of 1,943 ransomware attacks in Q3 2025 is accurate, the figures presented for each category (industry, company size, and country) may be slightly higher. This is because a number of incidents were missing data needed for categorization and thus were omitted.
Ericsson and Vodafone, one of the world’s leading telecommunications companies, have announced a five-year strategic partnership to modernize Vodafone’s network footprint using Ericsson’s high-performing programmable network solutions across several key markets.
Ericsson will be Vodafone’s sole RAN vendor in Ireland, Netherlands, and Portugal, as well as a major vendor in Germany, Romania, and Egypt. This move further deepens the long-standing, strategic relationship between the two companies.
The modernization of Vodafone’s RAN infrastructure and management will lay the foundation for widespread deployment of 5G Standalone, enabling Vodafone to offer differentiated connectivity solutions with guaranteed, performance-based characteristics for their consumer and enterprise customers.
Under the partnership, Vodafone will deploy Ericsson’s state-of-the-art and Open RAN-compatible Massive MIMO radios and RAN Compute solutions, as well as 5G Advanced RAN software capabilities extensively across their networks in these markets.
The pan-European deal introduces Ericsson Intelligent Automation Platform and a number of AI-powered rApps which will be deployed market-by-market to deliver automated RAN optimization, energy efficiency, and management of the multi-vendor network.
Germany will be the first market to deploy the platform and rApps for Ericsson and multi-vendor RAN management, with work beginning in Q4 2025. The comprehensive AI and network evolution partnership will elevate Vodafone’s infrastructure to world-class standards, taking the first steps towards autonomous networks and ensuring their networks are at the forefront of technological advancement and capable of meeting future demands.
Vodafone will further enhance its network infrastructure by using Ericsson 5G Advanced RAN software solutions that employ AI and automation to enable intelligent, real-time network management, improve operational and energy efficiency, deliver superior device and network performance, and create opportunities for new revenue streams through differentiated connectivity services.
By embracing high-performing programmable network architectures, this partnership sets the stage for accelerated innovation and the development of new use cases across Vodafone’s markets. This forward-looking approach will ensure Vodafone’s network infrastructure is fit for the future and adaptable to emerging technologies, solidifying the company’s position as a leader in the global telecommunications landscape.
Posted in Products with tags Ford on October 14, 2025 by itnerd
Over the years I’ve reviewed a lot of vehicles. But I have to admit that this is the most difficult vehicle that I have ever reviewed. Before I get to why it was difficult to review, let’s take a look at the vehicle.
Meet the Ford Expedition. This vehicle is simply huge. And I am not the target audience for it. Why is that? This is for someone who wants a a huge vehicle that carries a lot of people, or stuff, or both. And tows a lot. That’s not me. Sure I could get my wife and I along with both our road bikes in it. But we can do that in an Explorer or even an Escape as well. Thus to properly review this, I need to climb inside the head someone who would use this vehicle for what it is intended to be used for.
This is the King Ranch edition. Which I always thought was a F150 trim level. But clearly not. You see the King Ranch influence everywhere. Including:
The wheels
The interior:
And the door sill plates. There’s more places where you see this influence, but we’d be here all day if I were to point them all out. And for what it’s worth, King Ranch is a real ranch in Texas.
A big vehicle needs a big engine. Right? Well sort of. This Expedition comes with Ford’s 3.5L V6 EcoBoost Engine. It’s mated to a 10 speed automatic transmission. This combo is good for 400 horsepower and 480 pound feet of torque. So while a lot of these body on frame SUVs come with a V8, this one has a V6. And I don’t think that this is a downgrade. Because you can tow 9000 pounds with this setup. And at no point did I feel that I lacked power to merge onto a highway or pass anything. What’s even more impressive is the fact that power is easily modulated with your right foot. The only gripe that I had was that it took me a bit to get used to braking which is able to bring this rather huge SUV to a stop very quickly should the need arise. But I suppose this is a non issue if you daily drive it.
When it comes to fuel economy, it’s not as bad as you might think. The Expedition is rated for 15.4 L/100 KM city, 10.7 L/100 KM highway, and 13.1 L/100 KM combined. I hit 13.1 L/100 KM during my week with the Expedition which was better than I was expecting.
Now this vehicle as I said is huge. And this took me some getting used to as I am coming from an SUV that is much smaller. I will not call it agile, but it had a surprisingly decent turning radius. You can also get it to change lanes in a hurry if needed on the highway without it complaining. Having said that, condo owners like me should take this vehicle off your shopping list as the height of this vehicle is close to the maximum limit of my garage. And parking it in my parking spot was to be frank, comical. I say that because what is normally a 1 minute exercise is 5 minutes with this vehicle as I was taking care to make sure I didn’t hit anything. Thus I spent a lot of time shuffling this vehicle back and forth to get it into my spot without hitting the pillar to my right, or the car to my left. Good thing that it has an array of sensors and cameras to warn you if you are getting too close to an object. That helped immensely. In terms of noise, vibration, and harshness, the Expedition is generally quiet except for tire noise. And while it does bounce if you hit a bump that a bit too big, it wasn’t anywhere near as bouncy as I was expecting it to be.
One other note:
Because this vehicle has about 9″ of ground clearance, this trim level comes with retractable running boards. And if you’re anything shorter than 5′ 5″ tall, you will need them to get in and out of the vehicle.
Tomorrow I’m going to walk you through the interior of the Expedition. But here’s a spoiler alert, it’s on another level.
Guest Post: 2025 seeing a 47% spike in ransomware attacks
Posted in Commentary with tags NordStellar on October 14, 2025 by itnerdRansomware attacks continue to rise in 2025, with 6,330 cases recorded so far, underscoring escalating risks for small and medium-sized businesses
The latest data analyzed by NordStellar, a threat exposure management platform, reveals that the number of ransomware incidents in 2025 is continuing to grow. Between January and September 2025, 6,330 ransomware cases were exposed on the dark web, representing a 47% increase compared to the 4,293 cases recorded in the same period last year.
“So far this year’s results are highlighting a worrying trend — the number of ransomware cases continues to grow steadily,” says Vakaris Noreika, cybersecurity expert at NordStellar. “The majority of the growth we’re witnessing right now is most likely a direct result of the increase in ransomware-as-a-service (RaaS) that allows cybercriminals to scale their attacks and has lowered the entry barrier for bad actors. Another key factor is the significant increase in the number of active ransomware groups, which has reached an all-time high.”
Noreika explains that the number of active ransomware groups has been consistently increasing over the past five years. In September alone, NordStellar traced back the ransomware incidents to 66 different groups.
Prime targets in Q3 2025: The US, SMBs, and the manufacturing industry
In July-September 2025, 1,943 ransomware cases were exposed on the dark web, a 31% increase compared to the same period in 2024 (1,484 cases). US businesses were the most targeted, accounting for 54% of the 1,274 cases that could be traced to specific victim countries. Canada holds the second spot with 62 incidents, followed closely by Germany (60), the United Kingdom (54), and France (35).
“The findings mirror the results we have been seeing all year,” explains Noreika. “The US is home to numerous profitable public businesses, and this, coupled with strict regulations, makes them an attractive target for cybercriminals. Their potential for high profitability, combined with a higher likelihood of meeting ransomware demands to resolve incidents quickly, increases the chances of success for attackers.”
Ransomware data from July to September 2025 revealed that the manufacturing industry was the most affected by ransomware, with 245 cases, mirroring the results of the previous quarters. It was followed by professional, scientific, and technical services (107), information technology (103), construction (91), and financial services (69).
“Companies operating in the manufacturing industry experience high operational downtime costs, making them more inclined to give in to ransomware demands to resolve the incident as soon as possible. They also often rely on outdated or unpatched software and systems and are more likely to experience supply chain vulnerabilities due to reliance on third-party vendors, partners, and logistics providers,” says Noreika.
He explains that companies operating in the professional, scientific, and technical services industry often work with confidential customer data, intellectual property, and critical business tools, making them an attractive target for ransomware actors. According to Noreika, businesses in the information technology industry are targeted because they handle large volumes of valuable data and are key components of the supply chain. This means that attacking them can spread ransomware to multiple businesses simultaneously.
Small and medium-sized businesses (SMBs) were the most affected. The data revealed that organizations with up to 200 employees and revenues of up to $25 million experienced the most attacks.
“As in the first half of 2025, SMBs continue to remain the primary targets for ransomware. Ransomware actors usually perceive smaller businesses as lower-risk targets because they might lack a sophisticated IT infrastructure, operate on low cybersecurity budgets, and not have the means to investigate or report attacks to authorities,” says Noreika.
He adds that smaller revenue companies may also be more likely to meet attackers’ demands since the cost of downtime, data loss, or reputational damage from a full-blown ransomware attack could devastate the business financially. As a result, many of them could view paying the ransom as the only option, making them a higher success target for ransomware attackers.
Old players take the lead
The ransomware group Qilin was responsible for the most attacks in Q3 2025, with 241 incidents, and continues to hold the number one spot from the previous quarter. It’s followed by Akira (190), INC Ransom (146), Play (102), and Safepay (92).
“Qilin, Akira, and Play are more experienced players, active from 2022-2023, and are known for their double extortion models and large victim scope. They are also more likely to keep their operations in-house, without utilizing or offering RaaS, so as not to compromise their operations,” says Noreika. “Safepay is the youngest group, first detected in the fall of last year, but so far has been consistently among the top perpetrators this year. INC Ransom was first discovered in late 2023 and is generally lesser-known. However, this year, they have been quite consistent with their attacks as well.”
According to Noreika, ransomware groups are highly organized. He explains that business leaders are not always fully aware of the danger they pose — for example, that they often seek out top talent in cybersecurity or might even recruit insiders to carry out a targeted attack against an organization, making them a threat that companies cannot afford to underestimate.
Main mistakes that make a business more vulnerable to ransomware
Noreika explains that the first step in making a company ransomware-resistant is prevention. He highlights cybersecurity hygiene as the primary foundation.
“Most attacks happen due to user error. As a result, raising cybersecurity awareness and increasing training, as well as promoting good cybersecurity hygiene, is the basic first step,” says Noreika.
He continues by saying that employees who can recognize phishing scams, understand the importance of proper password management, and recognize the necessity and importance of utilizing tools like multi-factor authentication or a VPN are less likely to open the company’s network to cyber intruders.
“Another important factor is monitoring and addressing unknown cybersecurity gaps. With more businesses embracing hybrid or remote work models, introducing unmanaged devices and relying on third-party vendors, the attack surface is expanding, and any endpoint can be exploited,” says Noreika.
To stay ahead of attackers, he advises companies to monitor for external vulnerabilities before they are exploited, as well as any potential data leaks on the dark web, to minimize the possibility of a more sophisticated attack. Noreika emphasizes that recovery plans and backing up critical data are among the essential steps to reduce the impact of a potential ransomware incident.
Disclaimer: While the total number of 1,943 ransomware attacks in Q3 2025 is accurate, the figures presented for each category (industry, company size, and country) may be slightly higher. This is because a number of incidents were missing data needed for categorization and thus were omitted.
Leave a comment »