-
On average, dark web leak sites exposed 145 new victims every week in 2025, ending the year with a total of 7,515 claimed victims.
-
Small and mid-sized U.S. manufacturers took the hardest hit because the majority of them didn’t have the right security in place and felt more pressure to pay up.
-
The Qilin group was behind most of it, with their attacks skyrocketing by more than 400%.
A new report revealed there has been an overwhelming increase in the number of Ransomware attacks over the past year.
The last few months of 2025 saw attacks hit a two-year high with cyber criminals hitting tons of companies and exploiting every weak spot they could find.
A Year of Unrelenting Attacks
Last year was brutal for cybersecurity. A report from GuidePoint Security shows more than 7,500 ransomware cases were leaked on the dark web, which is an increase of 58% from what was experienced in 2024.
And the holidays? Brutal. In December alone, there were 1,004 attacks – the most ever in a single month. Security experts at TorNews think ransomware groups went after companies when they were less focused at the end of the year. With fewer people watching the networks, they pretty much had free rein.
But the problem grew all year. The overall number of ransomware groups rose a staggering 30% to 134 different criminal enterprises. This rising aggression suggests 2026 could see over 12,000 incidents.
So, Who Got Hit the Most?
The primary target of attacks has been the United States. Companies in the US were hit hardest by ransomware attacks with a total of 3,255 cases, marking approximately 64% of the worldwide total for that year. Canada, Germany, the UK, and France followed, with Germany seeing a massive 97% year-over-year increase.
The bullseye, however, was firmly on small and medium-sized businesses (SMBs). Companies with up to 200 employees and $25 million in revenue were hit most. “They often lack security staff and tools,” Noreika explains. These businesses usually have tight cybersecurity budgets. They are more likely to use outdated software.
When attacked, businesses feel an urgency to make payments to criminals promptly to avoid large-scale interruptions in business. This urgency makes businesses prime candidates for exploitation by criminals.
Criminals Target Manufacturing Sectors the Most
Manufacturing was once again the most targeted sector during the last year with 1,156 attacks, accounting for almost 20% of all attacks that occurred globally. The IT sector, professional services, and construction followed closely.
Within manufacturing, general manufacturers, machinery makers, and electronics firms were top targets. These SMBs are a “sweet spot” for hackers. They have enough revenue to pay large ransoms but often lack strong security or fast recovery plans, as seen in high-profile incidents like the Rhysida ransomware gang’s 2TB data leak from a US manufacturing giant.
With every sector going digital, the cyber space keeps changing so fast and supply chains getting more complicated, it’s easier than ever for ransomware attackers to sneak into a business. If they find just one weak spot in your supply chain, they could use it to get into every other area of operation.
This trend of targeting essential but often under-secured sectors is a global phenomenon. For instance, a related surge in cybercrime has severely impacted critical infrastructure in other regions, particularly hitting education and telecom sectors across Africa.
Criminal Groups Behind the Attacks
Ransomware-as-a-service these days is a dog-eat-dog world, and Qilin was the busiest ransomware group in 2025. They reported way more attacks, like a mad 408% jump from 2024, hitting 1,066 in total. Akira and Cl0p were also big players, with both of them getting way more active last year.
Newer players like Safepay emerged explosively. Their activity increased by a dizzying 775%. Law enforcement actions can disrupt groups temporarily, but often criminals will simply rebrand or change names and still come back to resume operations.
Reality dictates that ransomware isn’t going away but it’s becoming more and more fluid; therefore, all businesses and sectors are at risk. Therefore to remain safe, businesses must do the basics of cybersecurity which include continual monitoring of their own security and ensuring they have a plan prepared in advance in the event of a breach. Survival is the key goal.
