-
Ransomware attacks in 2025 have risen to almost 47%, compared to the same time frame in 2024.
-
US-based firms were the primary targets of these cyber attacks.
-
As per the report by NordStellar, February 2025 saw the most ransomware attacks so far.
Cybersecurity firm NordStellar has published a recent report that shows the increase in ransomware attacks globally. Per the blog post, 2025 saw a significant growth of ransomware reports from January to September. There were over 6,330 incidents within this period, a 47% increase from the same time last year.
The analysts at NordStellar got their data from the blogs of over 200 ransomware operators, revealing a disturbing growth of attacks.
US-Based Companies Remain the Key Targets
According to the report, between July to September 2025, businesses in the United States were most affected by the attacks. Firms in the US accounted for 686 cases (54%) of the 1,274 attacks in Q3 2025.
Following the US were Canada (62), Germany (60), the UK (54), and France (35), respectively. Analysts believe this staggering figure of attacks on US-based companies is linked to the massive number of profitable firms in the country.
The United States is home to various thriving public companies, in addition to its stringent regulations, making firms in the US key targets for cyber attacks. Also, these firms have higher possibilities for profitability, and appear to settle ransomware demands quickly. Thus, hackers have higher opportunities of success.
The Manufacturing Industry Bears the Brunt of the Attack
Studies from the report also revealed that the manufacturing industry was the most affected sector in the third quarter of 2025. In Q3 2025, there were 245 reported cases, or 19.7% of the overall reported attacks.
Firms in the manufacturing sector have become more prone to high production costs and dependence on high-end supply chains. Older systems, which remain unfixed or depend heavily on third-party vendors, were the most prone to attacks, the report showed.
The report also claimed that firms in the manufacturing sector experience expensive downtime costs and are more inclined to agree with ransomware demands to settle the incident as soon as possible.
Besides the manufacturing sector, other affected industries included scientific and technical services, accounting for 107 cases. IT (103), construction (91), and financial services (88) followed after, respectively.
SMB Experience Growing Attacks
The report also found that SMBs (small and medium-sized businesses) were the most targeted of all firms during this period. Firms that had fewer than 200 workers, and an annual revenue between $5 million and $25million, recorded the most cases. Attacks on these companies reported a significant figure of 40%, followed by companies with annual revenues between $50 million and $100 million (24.2%).
Analysts noted that these companies are targeted due to limited cybersecurity budgets and unsophisticated IT infrastructure. Many of these companies lack the resources to adequately investigate ransomware cases and report them to legal authorities.
The report also noted that illicit hackers assume that SMBs will easily comply with their demands and pay ransoms. The report added that these firms will try as much as possible to prevent delayed downtime, reputational damage, or data loss that could destroy their operations.
