Yearly data from 2024 shows that while ransomware attacks and the number of active gangs have grown, ransom payments saw a significant drop

Almost 40% of ransomware attacks in the US targeted the education sector

North America remains the hardest-hit region, accounting for 50% of all global attacks, which is 193 incidents in May.

Asia experiencec 13% of all global attacks, with 49 incidents in May.

56% of tested Large Language Models (LLMs) are susceptible to Prompt Injection Attacks (PIAs)

Consumer Discretionary saw a significant increase in attacks, rising from 73 attacks in April to 102 in May.

Global ransomware attacks decreased by 6% in May.

There were a total of 393 attacks globally in May. This marks the third consecutive month in which ransomware attacks have dropped.

Safepay emerged as the most active threat group, responsible for 18% of all attacks in May. This translates to 70 attacks attributed to Safepay in May. Safepay has been active since November 2024.

Play moved to second place with 44 attacks in May.

Of the organisations affected by KEVs, 51% are affected by KEVs that are also linked to ransomware and are insecurely connected to the internet.

Industrials remained the most targeted sector, accounting for 30% of attacks. This amounted to 118 attacks in May.

Europe experienced 29% of all global attacks, totalling 112 incidents, in May.

Overall, 79% of all attacks globally took place in North America and Europe in May.

South America experienced 4% of all global attacks, or 17 incidents, in May.

Akira, which led in April with 65 attacks, dropped to fourth place with only 35 attacks in May.

Qilin dropped to third place with 42 attacks in May.

Qilin dropped to third place with 42 attacks in May.

Lack of expertise was the top operational cause of ransomware attacks in organisations with over 3,000 people.

The median ransom payment was $1 million.