In 2025, 9,251 ransomware cases were exposed on the dark web, representing a 45 percent increase from 2024. A new report from threat exposure platform NordStellar shows a significant rise in the number of ransomware cases in the last quarter of 2025, with December setting a two‑year record, with a substantial 1,004 recorded incidents.
“In the last quarter of 2025, ransomware groups deliberately exploited end-of-year cybersecurity gaps caused by reduced staffing and monitoring,” says Vakaris Noreika, cybersecurity expert at NordStellar. “However, there has been an upward trajectory the whole year. Ransomware actors are growing increasingly aggressive — given the surge in 2025, the number of ransomware incidents in 2026 is likely to exceed 12,000.”
The number of ransomware groups has also been increasing. Recorded ransomware incidents in 2025 could be traced back to 134 different groups — a 30 percent increase from the 103 groups linked to recorded ransomware incidents in 2024.
Companies in the US remain the primary target, with 3,255 recorded ransomware cases in 2025 (a 28 percent increase from 2,544 incidents in 2024), accounting for 64 percent of all cases. The US is followed by Canada with 352 cases (a 46 percent increase from 2024), then Germany with 270 cases (a 97 percent increase), the United Kingdom with 233 cases (a two percent increase), and France with 155 cases (a 46 percent increase).
Interestingly small and medium-sized businesses (SMBs) with up to 200 employees and revenues up to $25 million experienced the most ransomware attacks. This data aligns with the findings from 2024, which show that SMBs accounted for the majority of incidents, suggesting that they’re seen as softer targets.
“SMBs are attractive targets for ransomware attacks because they often lack security staff and tools and operate within limited cybersecurity budgets — all of which are essential to safeguard their systems,” adds Noreika. “Smaller organizations are also more likely to rely on outdated software, have limited security monitoring, and rely on external vendors for IT support. Consequently, when attacked, they’re more likely to pay ransoms quickly to avoid business disruptions, which is why ransomware groups keep targeting them.”
Manufacturing industry continues to bear the brunt of ransomware attacks, with 1,156 incidents in 2025 (a 32 percent increase from the previous year), accounting for 19.3 percent of all cases. The IT industry comes second with 524 recorded cases (a 35 percent increase from 2024), followed by professional, scientific, and technical services (494 incidents, a 30 percent increase), the construction industry (443 incidents, a 24 percent increase), and healthcare, with 339 attacks (a six percent decrease from 2024).
You can find out more on the NordStellar blog.
Image credit: lighthouse/depositphotos.com
![how-real-time-analytics-is-powering-innovation-[q&a]](https://thetechbriefs.com/wp-content/uploads/2025/06/25540-how-real-time-analytics-is-powering-innovation-qa.jpg)