Publicly disclosed ransomware attacks increased by 49 percent year on year in 2025. The total number reached a record high of 1,174 incidents, nearly four times higher than in 2020.
This is among the findings of BlackFog’s 2025 State of Ransomware Report, which also shows 130 different ransomware groups carried out attacks in 2025, spanning both new and more established operators. Of these, 52 were new ransomware groups emerging in 2025 — representing a nine percent increase compared to 2024.
2025 saw the arrival of large scale AI-enabled attacks when attackers hijacked Anthropic’s Claude model to autonomously perform reconnaissance, exploitation, and data theft — a first‑of‑its‑kind AI‑led cyberattack.
With high-profile attacks affecting high street brands, luxury retailers and fashion houses, the retail sector saw increased targeting. In terms of volume, the healthcare sector was once again the most targeted vertical, accounting for 22 percent of all disclosed ransomware attacks in 2025.
Nearly all sectors experienced increased attack volumes, however, with the services industry more than doubling year-on-year, recording a 118 percent increase. Education was the only sector to see a decline, with attacks decreasing by approximately 12 percent.
Geographically the the United States remains the primary target for ransomware, accounting for 58 percent of all recorded attacks. Australia and the United Kingdom followed, with 110 and 42 attacks respectively.
Dr Darren Williams, Founder and CEO of BlackFog, says:
The global impact of ransomware across 2025 has been unprecedented. From high street chains to hospitals, ransomware doesn’t respect borders, the size of organization or the sector you’re in. It’s brought vital services, established companies — and the smaller partners who depend on them — to a grinding halt.
Yet the disruption they cause is only part of the story. Attackers aren’t just breaking in — they’re intent on stealing data to power extortion. By weaponizing AI they can outpace defenders at a new scale and use stealthy targeted techniques to slip past traditional security measures. Putting protections in place to close these gaps and prevent data exfiltration has to take priority as attackers focus on targeting organizations’ most sensitive information.
There was a sharp rise in undisclosed ransomware activity in 2025, with 7,079 victims announced by ransomware groups on dark web leak sites, representing a 37 percent increase compared to 2024. These figures suggest that approximately 86 percent of ransomware attacks are never publicly reported.
You can get the full report from the BlackFog site.
Image credit: lighthouse/depositphotos.com
