20% of HIS (hospital information systems), which manage clinical patient data, as well as administrative and financial information, have KEVs linked to ransomware and insecure internet connectivity, impacting 58% of organisations

Ransomware attacks surged by 132% in Q1 2025.

14% of SMBs experienced ransomware attacks in the past 12 months.

A ransomware attack on a dealership software provider in June 2024 disrupted operations at more than 15,000 North American dealerships

There was a 22.6% increase in ransomware payloads.

Ransomware payloads in phishing attacks have risen by 22.6% over six months, with a sharp 57.5% increase in just three months.

Cl0p was the most active threat group in February 2025, responsible for 37% of attacks.

83% of all ransomware cases globally took place in North America and Europe in February 2025.

Play was the fourth most active ransomware group, with 43 attacks in February 2025.

South America accounted for 5% of ransomware attacks (42) in February 2025.

February ransomware attacks (886) increased by 119% compared to February 2024 (403).

Consumer Discretionary was the most targeted sector with 278 ransomware attacks in February 2025, accounting for 31% of all attacks.

Ransomware attacks in the Industrials sector increased from 149 in January to 191 in February 2025.

Europe accounted for 18% of total global ransomware attacks (159) in February 2025.

North America accounted for 65% of total global ransomware attacks (574) in February 2025.

RansomHub was the second most active ransomware group, with 87 attacks in February 2025.

Akira was the third most active ransomware group, with 77 attacks in February 2025.

February attacks reached an all-time monthly high of 886.

February ransomware attacks (886) increased by 50% from January 2025 (590).

Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59).