Industrials was the second most targeted sector, with 191 ransomware attacks in February in 2025.

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

Asia was the third most attacked place, with 7% of ransomware attacks (64) in February 2025.

More than 1 in 3 (38%) of security professionals predict that ransomware will become even more dangerous when powered by AI.

Only 29% of security professionals report being very prepared for ransomware attacks.

February 2025 saw a total of 962 victims claimed by ransomware groups.

Out of the 962 victims claimed in February 2025, 335 were claimed by the Clop (Cl0p) group.

The number of victims claimed by Clop (Cl0p) saw a 300% jump from the previous month.

There was a staggering 126% increase in claimed ransomware victims year-over-year, from 425 victims in February 2024 to 962 in February 2025.

February 2025 was the single worst month in ransomware history based on the total number of claimed victims.

There has been a 264% increase in ransomware attacks on healthcare since 2018.

In higher education specifically, ransomware attacks were up 70% over 2022.

In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions.

According to the Malwarebytes report, 43% of all ransomware in education attacks in 2023 targeted higher education and 36% of attacks targeted K-12.

The Highline Public School district has over 2,000 staff members and 17,500 students across 34 schools. All 34 schools were closed due to a ransomware attack.

In 2023, there was a staggering 105% increase in known ransomware attacks against K–12 and higher education, surging from 129 attacks in 2022 to 265 in 2023.

The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.

The second most active ransomware group in December was Clop with 68 attacks, followed by Akira with 43 attacks and RansomHub with 41 attacks.

There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.