The IT Nerd

 Comparitech has released its monthly ransomware roundup for November 2025. The research examines ransomware trends in 2024 and 2025, including both confirmed and unconfirmed attacks by month. It explores the number of attacks across key sectors, including business, healthcare, government, and education, and compares these figures to October’s findings.

Additionally, the research looks at ransomware claims by industry, comparing October to November 2025, identifies the most prolific ransomware strains, and analyses attacks by ransomware group and by country in November. A brief sector-specific analysis of the attacks is also included. The research found that Qilin continued to hold the top spot for the number of claims (107), though Akira (100) and Clop (94) closed in on its lead throughout November.

Key findings include: 

• 659 attacks in total — 38 confirmed attacks (confirmed by the entity involved)
• Of the 38 confirmed attacks:
  • 22 were on businesses
  • 10 were on government entities
  • 2 were on healthcare companies
  • 4 were on educational institutions
• Of the 621 unconfirmed attacks*:
  • 544 were on businesses
  • 18 were on government entities
  • 30 were on healthcare companies
  • 17 were on educational institutions
• The most prolific ransomware gangs were Qilin (107), Akira (100), and Clop (94)
• Qilin had the most confirmed attacks (5), followed by INC (3) and Akira, Clop, Everest, and Beast (2 each)
• Where hackers provided the data theft size (in 276 cases), over 31,200 TB of data was allegedly stolen. This huge figure stems primarily from Qilin’s claim on a US manufacturer where it alleged to have stolen “31,063,838.00 GB”.
• The US saw the most attacks (354), followed by Canada (34), the UK (17), and Germany and India (14 each)

*12 attacks were on unknown companies that couldn’t be attributed to a specific sector.

Here is a link to the research: https://www.comparitech.com/news/ransomware-roundup-november-2025/ 

This Black Friday, around half of us will reach for our smartphones to try and bag the latest deal, with 27 percent of people preferring to do this via a retailer’s app. 

But is there a privacy cost in trying to get the best deal via an app?

Today, Comparitech researchers have published a study looking at just this. By analyzing 101 of the most popular Black Friday apps, they have found out the exact data privacy cost these convenient bargains come with. 

Key findings include: 

• The average app requests access to nearly 29 permissions in total, 8 of which are classed as high-level/”dangerous”
• The most common dangerous permissions are ones that request access to the device’s camera, access location data (precise geolocation data or approximate location based on cell tower or Wi-Fi data), and read and write to external storage (data outside of the app, e.g. stored on the device)
• 23% of apps (23 apps out of 101) potentially violate Google’s privacy policy standards
• The most common omission from privacy policies was the data retention period (not provided by 8 apps), followed by a clear policy on how users can delete their data (omitted or restricted/unclearly defined by 11 apps)
• The average app comes with 7 trackers, with one app (Vinted) coming with 17
• These apps have been downloaded by over 7 billion people

For full details, this research can be read here: https://www.comparitech.com/news/data-privacy-black-friday-apps/

More and more, Digital IDs are hailed by governments as a convenient way to prevent identity theft, access key services (e.g., health and social welfare benefits), and create efficient systems. And, as the UK government is hoping to demonstrate, they may also help combat illegal immigration by making digital IDs a mandatory requirement for those seeking work.  

Comparitech researchers have released an in-depth study comparing digital ID requirements and privacy risks across 50 countries, finding that already 37 countries have implemented digital ID schemes. Additionally, 9 more are in the process of creating them.

Additionally, this research comes along the same time that Apple has launched digital IDs for United States passport holders. 

Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:

“It goes without saying that digital IDs have their advantages, from providing easy access to online services and streamlining government processes to always having access to your ID wherever you go (so long as you’ve got your phone).

But where digital IDs become a huge cause for concern from a privacy perspective is when they’re introduced as a mandatory requirement (or citizens find it difficult to perform certain tasks without one), they’re used to surveil citizens’ movements and activities, and/or they’re introduced under the guise of providing one solution but soon become needed to access other key services.

For example, Apple’s digital IDs for US passports will no doubt be a hugely convenient service for US citizens and domestic travelers as they’ll eliminate the need to carry a physical passport. And, as it stands, Apple says users’ use of the digital ID won’t be tracked. But, over time, it may be implemented in other sectors and for other services, which may increase the risk of surveillance and what is known as “function creep.” This is also the case with the UK’s proposed BritCard, which will only apply to those seeking work (at first), but will likely expand to include other government services in time.

Ultimately, digital IDs are often introduced as a convenient tool that might not seem to encroach on a user’s privacy too much. But, as more users adopt the ID and more services are added to it, it can quickly become an invasive method of government control. And, once they become mandatory (like the UK’s BritCard), there’s no going back.”

You can read the research here: https://www.comparitech.com/blog/vpn-privacy/digital-ids-study/

Comparitech has reported that Marquis Software Solutions suffered a data breach in August that compromised Social Security numbers, tax ID numbers, account numbers, and dates of birth. This is according to a notice published yesterday from Community 1st Credit Union, one of the impacted banks.

Rebecca Moody, Head of Data Research at Comparitech, commented: 

“This attack highlights how companies not only face the ongoing threat of ransomware attacks within their own systems but also through the systems of third-party vendors they use to carry out various services. It’s also why these types of companies appeal to hackers, as they can often access hundreds of companies’ data through just one target.

While we don’t yet know how extensive this breach is, the notification issued by Community 1st Credit Union does appear to imply that a number of financial institutions have been impacted in the attack. Therefore, it’s likely we’ll see the current figure of 6,876 (the total affected via C1st) growing in the coming weeks.”

Ah, supply chain attacks. This is becoming the bread and butter of threat actors as they can hit a bunch of targets with ease. This means that organizations need to ensure that their partners are as secure as they are, otherwise bad things will happen to them.

Comparitech researchers have published a new study, finding that the 100 most common passwords in 2025 are ‘123456’, ‘admin’, and ‘password’. 

For this analysis, Comparitech researchers aggregated more than 2 billion real account passwords leaked on data breach forums in 2025. Using that data, they amassed a list of the most-used passwords — including a couple interesting ones!

While this is a fun list to read through, these findings show exactly why password security really matters. Modern password cracking programs make short work of weak passwords, and common passwords like in this list are easily guessed. By using these passwords, people are putting themselves and their organizations at an extremely high risk. 

Here’s the research for your review: https://www.comparitech.com/news/minecraft-qwerty-and-india123-among-2025s-most-common-passwords-report/

n a study published this morning, Comparitech found that ransomware attacks increased by 25 percent in October, rising to 684 in comparison to 546 in September. This is a significant increase in attacks and the third-highest monthly figure in 2025 so far. 

Manufacturers continue to see the most attacks, accounting for nearly 19 percent of attacks in October, but only rose 9% from September. In contrast, attacks on the healthcare sector rose significantly, jumping 115%. Other sectors that saw high increases were transportation (109%) and retail (104%).

Key findings for October include: 

• 684 attacks in total — 47 confirmed attacks (confirmed by the entity involved)
• Of the 47 confirmed attacks:
  • 27 were on businesses
  • 10 were on government entities
  • 3 were on healthcare companies
  • 7 were on educational institutions
• Of the 637 unconfirmed attacks*:
  • 561 were on businesses
  • 14 were on government entities
  • 53 were on healthcare companies
  • 8 were on educational institutions
• The most prolific ransomware gangs were Qilin (186), Akira and Sinobi (70 each), INC (32), Play (26), and DragonForce (20)
• Qilin had the most confirmed attacks (10), followed by Clop (4) and RansomHouse (3)
• Where hackers provided the data theft size (in 315 cases), over 162 TB of data was allegedly stolen, an average of 516 GB per breach
• The US saw the most attacks (374), a 33 percent increase from September (282). Australia saw one of the biggest monthly increases in attacks (rising from four to 14), as did Japan (rising from three to 10)

For full details, including more details on the most impacted sectors, most active ransomware gangs, as well as most targeted countries, the full October ransomware roundup can be read here: https://www.comparitech.com/news/ransomware-roundup-october-2025/

Comparitech researchers have published a detailed study looking at ransomware attacks against the educations sector for the first three quarters of 2025.

According to the study, 180 attacks on the education sector occurred in this time period. This is a 6% increase from the same period in 2024. Despite these higher figures, the last two quarters of 2025 do offer a more positive outlook for the education sector, with significantly lower numbers of attacks than the previous three quarters. 

This study dives into all things education ransomware attacks — including the average ransomware demand across these attacks, which ransomware gangs were the most prolific in this sector, which countries were most impacted, as well as which attacks were the largest in this period. 

Key findings for Q1-Q3 2025

• 180 attacks in total
• 63 confirmed attacks
• 117 unconfirmed attacks
• 227,214 records are known to have been breached in the confirmed attacks
• Average ransom demand across all attacks = $444,400 million
• The US and UK have seen a similar number of attacks (when compared to the same period of 2024), while attacks in France have doubled and Australia, Brazil, and Spain have seen a number of attacks despite recording none in the first nine months of 2024
• The ransomware strains that claimed the most attacks against schools, colleges, and universities were Qilin (24), Fog (18), SafePay (17), Interlock (13), and INC (12)
• Interlock took credit for the most confirmed attacks (8), followed by Fog (7), Qilin (6), and SafePay, Medusa, Nova, and Kairos (3 each)
• Nearly 233 TB of data was allegedly stolen across all attacks

You can read the study here: https://www.comparitech.com/news/education-ransomware-roundup-q1-q3-2025-stats-on-attacks-ransoms-and-data-breaches/

Comparitech researchers has published a research study diving into this very ransomware gang.

Key findings for Qilin in 2025 include:

• 701 victims (118 of these attacks have been confirmed)
• 45 attacks on healthcare providers (14 confirmed)
• 40 attacks on government entities (22 confirmed)
• 26 attacks on the education sector (7 confirmed)
• 590 attacks on businesses (75 confirmed):
  • 143 on manufacturers (11 confirmed)
  • 108 on service-based businesses (9 confirmed)
  • 69 on finance companies (27 confirmed)
  • 50 on retailers (2 confirmed)
  • 34 on construction companies (2 confirmed)
• 788,377 records breached in the confirmed attacks
• 116 TB of data stolen across all attacks (47 TB in confirmed attacks)
• The US accounts for the most attacks (375), followed by France (41), Canada (39), South Korea (33), and Spain (26)

You can read more here: https://www.comparitech.com/news/qilin-ransomware-stats-on-attacks-ransoms-data-breaches/

This morning, Comparitech researchers published an in-depth look at the impact of government ransomware attacks globally for the period of Q1-Q3 2025. 

According to the study, during the first nine months of this year, there was a total of 276 attacks on government organizations, which was a 41 percent increase from the same period in 2024 (196).

This study dives into all things government ransomware attacks — including the average ransomware demand across these attacks, which ransomware gangs were the most prolific in this sector, which countries were most impacted, as well as which attacks were the largest in this period. 

Key Finding Include:

• 276 attacks in total
• 147 confirmed attacks
• 129 unconfirmed attacks
• 443,522 records are known to have been breached in the confirmed attacks
• Average ransom demand across all attacks = $1.95 million
• The US has seen an 8% increase in attacks (when compared to the same period of 2024)
• The ransomware strains that claimed the most attacks against government agencies were Qilin (31), Babuk (26), INC (25), SafePay (13), Funksec (12), RansomHub (12), and Medusa (10)
• Qilin took credit for the most confirmed attacks (19), followed by INC (12), RansomHub (8), and SafePay (6), and Medusa (6)

For full details, the study can be read here.

Comparitech researchers have published a study looking at all things healthcare ransomware attacks for the first nine months of 2025. 

According to the study, 293 ransomware attacks occured in this time frame against hospitals, clinics, and other direct care providers. There was a further 130 attacks on businesses operating within the healthcare sector, such as pharma, billing, etc. 

Attacks on healthcare providers saw similar numbers in the same period last year, but attacks on healthcare businesses rose by 30 percent. 

You can read the report here: https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-q3-2025-stats-on-attacks-ransoms-and-data-breaches/