Archive for Comparitech

Comparitech Research: Q3 Ransomware Roundup

Posted in Commentary on October 2, 2025 by itnerd

Today, Comparitech researchers published a ransomware roundup for the third quarter of 2025. So far this year, there have been a total of 5,186 tracked ransomware attacks. This is a 36% increase from the same period of time in 2024. 

Q3 of 2025 also saw a 6 percent increase in attacks from Q2 of 2025—rising from 1,434 to 1,517. 

The study takes a look at the most prolific ransomware strains, as well as at ransomware attacks by sector, finding that year over year, attacks on government and healthcare organizations have decreased, while attacks against the education sector remained similar. 

The full study can be found here: https://www.comparitech.com/news/ransomware-roundup-q3-2025/

Auto dealership software company notifies 767,000 people of data breach

Posted in Commentary on October 1, 2025 by itnerd

Comparitech today reported that auto dealership software company Motility Software Solutions this week notified 766,670 people of an August 2025 data breach that compromised names, SSNs, phone numbers, email addresses, DOBs, and driver’s license numbers. 

Rebecca Moody, Head of Data Research at Comparitech, provided the following commentary:

“This ransomware attack becomes the ninth largest this year so far (based on records affected) and is the second-largest breach on a technology company.

It’s also yet another attack on a software company that’s used by multiple organizations. In recent months, we’ve seen a number of disruptive attacks like these which have had far-reaching consequences either in the large quantities of data breached and/or the disruption of encrypted systems. Other examples include the attack on Collins Aerospace which caused chaos across European airports and the attack on a Swedish technology company, Miljödata, which impacted over 200 municipalities with system downtime and has seen a breach of at least 1 million records.

As hackers continue to evolve and look for the most disruptive ways to have an impact, attacks on companies like Motility Software Solutions offer great appeal because of how many entities can be targeted through one company. While this attack on Motility Software Solutions doesn’t appear to have caused a lot of disruption to car dealers (like the attack on CDK did back in June 2024), it has resulted in a significant data breach.”

Victims of this breach should be prepared for secondary attacks as you know those will be inbound. Thus it highlights the fact that organizations should make every effort to keep the bad guys out at all costs.

August Saw Ransomware Attacks Increasing AND First-of-a-Kind Statewide Attack Says Comparitech

Posted in Commentary on September 2, 2025 by itnerd

Today, Comparitech researchers released a study looking at the state of global ransomware attacks in August 2025. 

Ransomware attacks continued to climb again in August, rising from 473 in July to 506 last month. August also saw a first-of-a-kind attack on the State of Nevada. While hundreds of US government organizations have suffered ransomware attacks, this is the first-ever statewide attack.

Rebecca Moody, Head of Data Research at Comparitech, commented:

“If we needed a reminder of how dominant a threat ransomware is, August’s statistics provide it. Not only did we see a steady increase in attacks but we also witnessed a first-of-its-kind attack on the State of Nevada. The latter in particular highlights how no one, not even a multi-billion-dollar government organization, is immune to these types of attacks. And, even though numerous countries and governments are looking to ban public entities from making ransom payments, this is doing little to deter hackers.”

“Why? It’s likely due to a number of reasons. Firstly, these attacks are often random, e.g. because the hackers start exploiting a known vulnerability or a staff member happens to click on or download something they shouldn’t. Second, even if the hackers don’t receive the ransom, they’re most certainly going to gain notoriety when they make their claim on the State of Nevada. So, when another entity finds itself facing an attack from the same organization, they’ll instantly recognize the group’s name and may be more inclined to pay up before the attack escalates any further. Finally, it’s more than likely that the hackers will have stolen data in this attack on Nevada, so they’ll always have this to sell on the dark web if needed.”

“While banning public entities from making ransom payments may be a step toward reducing ransomware attacks, it isn’t the silver bullet. Rather, it should be part of a multi-pronged approach and one that makes sure the basics are covered. This includes patching any vulnerabilities as soon as they are flagged, making sure systems are regularly updated, carrying out frequent backups, investing in employee training, and having a step-by-step plan in place should an attack occur.”

For full details, the August ransomware roundup can be found here: https://www.comparitech.com/news/ransomware-roundup-august-2025/

China and Russia-linked VPNs on iOS and Android

Posted in Commentary on August 21, 2025 by itnerd

Earlier this year, the Tech Transparency Project published a report stating that more than 20 out of the top 100 free VPNs on US app stores showed evidence of Chinese ownership. 

After TTP published its report, Apple removed some of the allegedly Chinese-owned apps from the App Store, but others remained. To further investigate the remaining VPN apps’ ties to China and Russia, Comparitech researchers decompiled the app APKs and checked for network fingerprints.

In total, Comparitech analyzed 24 VPN apps provided on iOS and Android. You can find more details on what was found here: https://www.comparitech.com/news/a-deeper-dive-into-the-china-and-russia-linked-vpns-on-ios-and-android/

50% of religious apps may be violating Google Play Store policies

Posted in Commentary on August 14, 2025 by itnerd

Comparitech researchers have released a study looking at the privacy risks of religious apps. The findings are shocking — more than half of the apps offered by Google Play may be violating Google’s privacy policies. 

Key findings include: 

  • The average religious app requests access to 21 permissions in total, 3.7 of which are classed as high-level/“dangerous”
  • The most common dangerous permissions are ones that request access to read and write external storage (data outside of the app, e.g., stored on the device), access location data (precise geolocation data or approximate location based on cell tower or Wi-Fi data), read the phone state (access to current cellular network information, the status of any ongoing calls, and a list of any phone accounts registered on the device), and request access to record audio and/or use the camera function
  • 46% of apps (73 apps out of 158) potentially violate Google’s privacy policy standards
  • The most common omission from privacy policies was the data retention period (not provided by 56 apps), followed by a clear policy on how users can delete their data (omitted by 48 apps)
  • These apps have been downloaded 500 million times

You can find the study here: https://www.comparitech.com/news/religious-apps-study/

The City Of St. Paul, Minnesota Did Not Pay Interlock After Getting Pwned

Posted in Commentary on August 11, 2025 by itnerd

Ransomware group Interlock today took credit for a July cyber attack on the city of St. Paul, Minnesota. The attack prompted Governor Tim Walz to activate the National Guard in response. And to top that off, the city didn’t pay up.

Commenting on this news is Rebecca Moody, Head of Data Research at Comparitech:

“While the City of St. Paul should be applauded for not meeting its hackers’ ransom demands, it was inevitable that a claim from the responsible group would quickly appear. Interlock wasted no time posting the city to its site and alleges that 43 GB has been stolen. This is made up of 66,460 files across nearly 7,900 folders with the proof pack containing various IDs and documents.”

“Now, the City of St. Paul needs to respond to confirm what data has potentially been impacted and who has been affected. In the meantime, we highly recommend residents and employees remain on high alert for any potential phishing campaigns (e.g. emails, texts, or calls reporting to be from St. Paul) and monitor their accounts for any suspicious activity.”

“As our report for July 2025 has found, ransomware attacks on government entities are of particular concern as hackers remain focused on causing mass disruption via these organizations, with critical infrastructure also being targeted. St. Paul is a prime example of this as numerous areas have been affected, including public works and payments for water services.”

I am a big believer that you should not pay these threat actors as it only encourages them to keep doing this. The new problem is that the data that Interlock stole is now out there. And that will have far reaching effects on those people who are associated with that data.

Ransomware Attacks Increasing with Governments a Key Focus Says Comparitech

Posted in Commentary on August 11, 2025 by itnerd

Today, Comparitech researchers released a study looking at the state of global ransomware attacks in July 2025. It was found that after three consecutive months of decline, July saw a four-percent uptick in ransomware attacks. Additionally, governments remain a key focus for hackers, with nine confirmed attacks on this sector carried out in nine different countries. 

Key findings include: 

  • 464 attacks in total — 35 confirmed attacks
  • Of the 35 confirmed attacks:
    • 18 were on businesses
    • 9 were on government entities
    • 3 were on healthcare companies
    • 5 were on educational institutions
  • Of the 429 unconfirmed attacks:
    • 383 were on businesses
    • 12 were on government entities
    • 21 were on healthcare companies
    • 12 were on educational institutions
  • The most prolific ransomware gangs were Qilin (62), INC (55), SafePay (43), Akira (37), and Play (22). INC had the most confirmed attacks (5), followed by Qilin (4), SafePay (3), and Rhysida (2)
  • Where hackers provided the data theft size (in 222 cases), nearly 105 TB of data was allegedly stolen, giving an average of 476 GB per breach
  • Several new gangs appeared this month, including Payouts King, Beast, and D4RK 4RMY. BlackByte also resurfaced after a 10-month hiatus

The full research can be found here: https://www.comparitech.com/news/ransomware-roundup-july-2025/

Government Ransomware Roundup: Attacks on the Incline for H1 2025?

Posted in Commentary on July 31, 2025 by itnerd

Comparitech researchers have released a study looking at all the government ransomware attacks of the first half of 2025. Government organizations are a dominant focus for hackers, due to the sensitive information the industry holds.

According to the findings, there was a 65% increase in attacks compared to the first half of 2024.

This research looks at ransomware attacks on government organizations by country, finding the U.S. to have been the most targeted. Additionally, the study outlines the biggest ransomware demands on governments, worldwide, as well as which gangs are most prolific in this industry. 

Key findings include: 

  • 208 attacks in total – 124 in Q1 and 84 in Q2
  • 104 confirmed attacks – 54 in Q1 and 50 in Q2
  • 104 unconfirmed attacks – 70 in Q1 and 34 in Q2
  • 366,006 records are known to have been breached in the confirmed attacks
  • 78.5 TB of data allegedly stolen (67.2 TB in the confirmed attacks)
  • Average theft of 1.3 TB of data per attack
  • Average ransom demand of $1.65 million
  • The most prolific ransomware strains with the highest number of claims against government entities were Babuk (26), Qilin (17), INC (16), Funksec (12), and RansomHub (12)
  • Qilin had the most confirmed attacks (13), followed by INC and RansomHub (8 each)

You can read the research here: https://www.comparitech.com/news/government-ransomware-roundup-h1-2025-stats-on-attacks-ransoms-and-data-breaches/

Prestige Maintenance USA Appears To Have Been Pwned… And Perhaps Not For The First Time

Posted in Commentary on July 24, 2025 by itnerd

Prestige Maintenance USA this week confirmed that it had notified 65,452 people of a January 2025 data breach that compromised their personal information. Ransomware group Medusa took credit for the breach shortly after it occurred and demanded $1.2 million in ransom. This may not be the first time that they have been pwned as there is an unconfirmed report of ALPHV/BlackCat pwning them in 2023.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:

“Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data. Medusa has claimed responsibility for 132 confirmed attacks in total, compromising more than 3.1 million records. Its average ransom demand is $631,000.”

“In 2025, Comparitech researchers have logged 226 confirmed ransomware attacks on US organizations in total, plus 1,788 unconfirmed claims. Ransomware attacks on US organizations can both steal data and lock down computer systems. Infected businesses are forced to either pay a ransom or face extended downtime, permanent data loss, and putting customers at increased risk of fraud.”

The fact that the company didn’t tell anyone about this until seven months later is troubling. And the fact that they might have been pwned before suggests that this is an organization that isn’t great at keeping the bad guys out. I say that someone needs to ask this company some really tough questions and the company needs to answer them if they want anyone to trust them.

Healthcare Ransomware on the decline in 2025, but why? 

Posted in Commentary on July 17, 2025 by itnerd

Comparitech researchers have released a study looking at the impact of healthcare ransomware in H1 2025, finding a decline in attacks compared to H1 2024. 

While the healthcare sector hasn’t seen the same influx in attacks as other industries (a recent 2025 H1 report saw a 50 percent increase across the board from 2024), this could be due to several factors.

Ransomware attacks on healthcare companies continue to have devastating consequences. This became only too evident recently when a patient’s death was linked to the June 2024 attack on Synnovis in the UK.

Key findings include:

  • 211 attacks in total – 125 in Q1 and 86 in Q2
  • 68 confirmed attacks – 45 in Q1 and 23 in Q2
  • 143 unconfirmed attacks – 80 in Q1 and 63 in Q2
  • 2,372,777 records are known to have been breached in the confirmed attacks
  • Average ransom demand of $479,000
  • The most prolific ransomware strains with the highest number of claims against healthcare companies were INC (34), Qilin (25), SafePay (14), RansomHub (13), and Medusa (13)
  • INC and Qilin had the most confirmed attacks (10 each), followed by Medusa (7), RansomHub (6), and SafePay (4)

The research can be viewed at this link: https://www.comparitech.com/news/healthcare-ransomware-roundup-h1-2025/