2025 Saw 45% Increase in Ransomware Attacks

Small and medium-sized businesses with up to 200 employees and revenues up to $25 million experienced the most ransomware attacks.

Marina M Headshot
Adam121 Adobe Stock 315095274
adam121 AdobeStock_315095274

The latest findings from NordStellar reveal that the number of ransomware incidents in 2025 soared compared to 2024. The data shows that in 2025, 9,251 ransomware cases were recorded on the dark web, marking a significant 45% increase compared to 6,395 cases recorded in 2024.

“In the last quarter of 2025, ransomware groups deliberately exploited end-of-year cybersecurity gaps caused by reduced staffing and monitoring," says Vakaris Noreika, cybersecurity expert at NordStellar. "However, there has been an upward trajectory the whole year. Ransomware actors are growing increasingly aggressive, given the surge in 2025, the number of ransomware incidents in 2026 is likely to exceed 12,000."

Key takeaways:

·        The number of ransomware cases rose significantly in the last quarter of 2025. December set a two‑year record, with a substantial 1,004 recorded incidents.

·        The number of ransomware groups has also been increasing. The recorded ransomware incidents in 2025 could be traced back to 134 different groups, a 30% increase from the 103 groups linked to recorded ransomware incidents in 2024.

·        U.S. companies remained the primary targets, with 3,255 recorded ransomware cases in 2025 (a 28% increase from 2,544 incidents in 2024), accounting for 64% of all cases. Canada ranked second with 352 cases (a 46% increase from 2024), then Germany with 270 cases (a 97% increase), the United Kingdom with 233 cases (a 2% increase), and France with 155 cases (a 46% increase).

·        Small and medium-sized businesses (SMBs) with up to 200 employees and revenues up to $25 million experienced the most ransomware attacks.

·        Companies in the manufacturing industry continued to bear the brunt of ransomware attacks, with 1,156 incidents in 2025 (a 32% increase from the previous year), accounting for 19.3% of all cases (a 0.3% increase from 2024). This was followed by the IT industry, with 524 recorded cases (a 35% increase from 2024); professional, scientific, and technical services (494 incidents, a 30% increase); and the construction industry (443 incidents, a 24% increase).

·        According to the findings, the number of ransomware cases peaked in the last quarter of 2025, with 2,910 recorded incidents, marking a 38% increase compared to the same period in 2024 (2,102 cases) and a 49% increase from the number of incidents recorded in the July-September period of 2025 (1,954 cases).

 

"Machinery and industrial equipment manufacturers were also heavily targeted — this could be the result of expanded digitalization and remote connectivity in production environments," says Noreika. "Meanwhile, appliance and electronics manufacturers are facing a higher risk of experiencing a cyberattack due to complex supplier integration and cloud-based operations."

 

Page 1 of 193
Next Page

Create a free Supply & Demand Chain Executive account to continue reading