South America accounted for 5% of ransomware attacks (42) in February 2025.

February ransomware attacks (886) increased by 119% compared to February 2024 (403).

Play was the fourth most active ransomware group, with 43 attacks in February 2025.

Consumer Discretionary was the most targeted sector with 278 ransomware attacks in February 2025, accounting for 31% of all attacks.

More than 1 in 3 (38%) of security professionals predict that ransomware will become even more dangerous when powered by AI.

Only 29% of security professionals report being very prepared for ransomware attacks.

There has been a 264% increase in ransomware attacks on healthcare since 2018.

The number of victims claimed by Clop (Cl0p) saw a 300% jump from the previous month.

February 2025 saw a total of 962 victims claimed by ransomware groups.

There was a staggering 126% increase in claimed ransomware victims year-over-year, from 425 victims in February 2024 to 962 in February 2025.

February 2025 was the single worst month in ransomware history based on the total number of claimed victims.

Out of the 962 victims claimed in February 2025, 335 were claimed by the Clop (Cl0p) group.

The Highline Public School district has over 2,000 staff members and 17,500 students across 34 schools. All 34 schools were closed due to a ransomware attack.

In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions.

In 2023, there was a staggering 105% increase in known ransomware attacks against K–12 and higher education, surging from 129 attacks in 2022 to 265 in 2023.

According to the Malwarebytes report, 43% of all ransomware in education attacks in 2023 targeted higher education and 36% of attacks targeted K-12.

In higher education specifically, ransomware attacks were up 70% over 2022.

The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.

The industrials sector was the most heavily targeted sector, facing 24% of all ransomware attacks, totaling 1364, in December 2024.

There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.