Breakdown of Confirmed Attacks (39 total) by Sector in April 2025: Businesses: 21 confirmed attacks, Government Entities: 9 confirmed attacks, Healthcare Companies: 6 confirmed attacks, Educational Institutions: 3 confirmed attacks.

Most Prolific Ransomware Gangs (based on attack claims) in April 2025: Qilin: 67 claims. This is an increase from 45 claims in March, Akira: 62 claims, Play: 50 claims, Lynx: 32 claims, NightSpire: 22 claims. RansomHub listed no new victims in April.

Breakdown of Unconfirmed Attacks (440 total) by Sector in April 2025: Businesses: 396 unconfirmed attacks, Government Entities: 16 unconfirmed attacks, Healthcare Companies: 16 unconfirmed attacks, Educational Institutions: 11 unconfirmed attacks/

Extending this, “123456” is used in 338 million passwords. Both “password” (56 million) and “admin” (53 million) remain highly popular, being the most popular passwords at least since 2011.

Days are popular in passwords, with "Monday" appearing in 0.8 million entries.

People's names were the second most prevalent password component.

Professions are popular in passwords, with "boss" appearing in 10 million entries, "hunter" in 6.6 million, "cook" in 4.2 million.

Cities are common in passowrds, with "Rome" appearing in 13 million.

Sports are popular in passwords, with "Soccer" appearing in 4 million entries, "football" in 3.4 million.

There is an 8% chance for names from the 100 most popular names of 2025 list to be included in a password.

Most Prolific Ransomware Strains by Number of Confirmed Attacks in April 2025: Akira: Had the most confirmed attacks with three in total, Qilin: Had two confirmed attacks, NightSpire: Had two confirmed attacks, Silent: Had two confirmed attacks. Silent was new to the scene in April with just four claims in total, Sarcoma: Had two confirmed attacks.

Statistics for the First Four Months of 2025 (Year-to-Date): Healthcare: 34 confirmed attacks logged so far this year. 115 further unconfirmed attacks are being monitored, Government: 49 confirmed attacks logged throughout 2025 so far. 89 further unconfirmed attacks are being monitored, Education: 27 confirmed attacks logged throughout the first four months of this year. 69 further unconfirmed attacks are being monitored, Businesses: 165 confirmed attacks across 2025 so far. 2,118 further unconfirmed attacks are being tracked.

In April 2025, researchers logged a total of 479 ransomware attacks. This represents a significant decline from the monthly figures tracked in Q1 2025: 530 in January, 973 in February, and 713 in March.

Specific Ransom Demands Mentioned: Virgin Islands Lottery (VIL) refused a $1 million ransom demand, Oregon Department of Environmental Quality (DEQ) refused a $2.7 million demand from Rhysida, CPAS de Jemeppe-sur-Sambre (a Belgian social welfare centre) refused a €70,000 ransom demand, Medusa claimed an attack on Fall River Public Schools with a $400,000 ransom demand, Manchester Credit Union reported that Sarcoma attackers did not demand a ransom.

Profane words are very common in passwords. The top entry is “ass” (165 million), partly explained by use in “pass” or “password”. Other common swear words include “fuck” (16 million), “shit” (6.5 million), “dick” (3.2 million), and “bitch” (3.2 million).

US States are popular in passwords, with "Carolina" appearing in 1.9 million entries, "Dakota" in 1.2 million, "Texas" in 1.1 million.

Most people use passwords between 8–10 characters in length, accounting for 42% of the analysed passwords. Eight characters was the most popular length.

Almost 20% of unique passwords mixed case letters and numbers but did not include special characters.

There has been an improvement in complexity over time: in 2022, only 1% of passwords used a mix of lowercase, uppercase, numbers, and symbols; this figure has now climbed to 19%.

Specific Data Amounts Allegedly Stolen: DaVita Inc. (healthcare, US): 1.5 TB of data allegedly stolen by Interlock, ChangShen Hospital (healthcare, Taiwan): 800 GB of data stolen by NightSpire, Sasszemklinika (healthcare, Hungary): 101 GB stolen by Qilin, Saint James Hospital Group: 250 GB stolen, claimed by INC, Oregon Department of Environmental Quality (DEQ): Qilin claims a breach of over 2.5 TB of data, though DEQ denies evidence of a breach, Toppan Next Tech (business, Singapore): 12 GB of data stolen by Akira, involving a data breach affecting at least 11,200 people (including 3,000 from Bank of China and 8,200 from DBS Group), FAKO-M Getränke GmbH & Co. KG (business, Germany): Sarcoma claims to have stolen 446 GB of data, Fleet Canada, Inc. (business): Silent alleged to have stolen 600 GB, Versa Networks (business): Silent alleged to have stolen 854 GB.