89% of healthcare organisations have the top 1% of riskiest IoMT devices on their networks, which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns and an insecure connection to the internet.

Ransomware attacks surged by 132% in Q1 2025.

14% of SMBs experienced ransomware attacks in the past 12 months.

A ransomware attack on a dealership software provider in June 2024 disrupted operations at more than 15,000 North American dealerships

Ransomware payloads in phishing attacks have risen by 22.6% over six months, with a sharp 57.5% increase in just three months.

There was a 22.6% increase in ransomware payloads.

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

North America accounted for 65% of total global ransomware attacks (574) in February 2025.

RansomHub was the second most active ransomware group, with 87 attacks in February 2025.

February attacks reached an all-time monthly high of 886.

Industrials was the second most targeted sector, with 191 ransomware attacks in February in 2025.

Cl0p was the most active threat group in February 2025, responsible for 37% of attacks.

83% of all ransomware cases globally took place in North America and Europe in February 2025.

Akira was the third most active ransomware group, with 77 attacks in February 2025.

Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59).

Consumer Discretionary was the most targeted sector with 278 ransomware attacks in February 2025, accounting for 31% of all attacks.

Ransomware attacks in the Industrials sector increased from 149 in January to 191 in February 2025.

Europe accounted for 18% of total global ransomware attacks (159) in February 2025.

February ransomware attacks (886) increased by 50% from January 2025 (590).

Asia was the third most attacked place, with 7% of ransomware attacks (64) in February 2025.