February 2025 saw an unprecedented surge in ransomware attacks, with a record-breaking 126% increase in victims compared to February 2024: 962 victims, up from 425 the previous year. The surge occurred despite global efforts to dismantle ransomware operations, such as the U.S.-led coalition formed in late 2023. These efforts targeted ransomware gangs’ infrastructure, disrupted payments, and enhanced intelligence sharing, yet they failed to curb the growing number of attacks.
The Cl0p ransomware gang was primarily responsible for the increase, claiming over 300 victims in just one month.
The group exploited vulnerabilities in widely used file transfer software, such as MOVEit and Cleo, to access sensitive data. In December 2024, Cl0p expanded its efforts to target other software, highlighting the growing trend of attackers exploiting vulnerabilities in edge network devices. Although patches were available for these flaws, many organizations failed to update their systems, leaving them open to attack.
In addition to the rise in ransomware attacks, other notable developments in the cybersecurity landscape were observed. FunkSec, an emerging ransomware group, launched a new infostealer called Wolfer, designed to extract sensitive information from infected systems. Meanwhile, the Black Basta gang’s internal communications were leaked, revealing tactics and insights into their operations.
These incidents highlight the diverse approaches ransomware groups are using to exploit vulnerabilities and infiltrate sensitive systems.
Experts warn that ransomware attacks will continue to rise in 2025, particularly targeting critical sectors like healthcare and infrastructure. As ransomware gangs grow more sophisticated, organizations are urged to strengthen their cybersecurity measures. This includes improving threat detection, implementing zero-trust architectures, and ensuring regular patching of vulnerabilities. Vulnerable connected devices and cloud infrastructure worldwide leave many businesses and governments at risk, with countries like the United States and the UK being the most frequent targets of these attacks.