In 2025, ransomware incidents reached an unprecedented level, with a total of 1,174 publicly disclosed cases, marking a 49% increase compared to the previous year, as reported by BlackFog. The report highlights that approximately 86% of these attacks likely go unreported, revealing a significant gap between known incidents and the actual number of victims listed by attackers, which totaled 7,079 in the same year.
The healthcare sector emerged as the most impacted, comprising 22% of all disclosed attacks, while the services industry experienced the largest surge with a staggering 118% increase. Notably, retail brands, including M&S, Cartier, and Chanel, faced heightened targeting. The report also identified 130 distinct groups involved in attacks, including 52 new entities, signifying a 9% rise from 2024. Among these, Qilin was the most prolific, claiming 1,115 victims, while Akira and Play followed in the rankings.
Additionally, the emergence of AI-enabled attacks was noted, including a significant incident where the Claude model from Anthropic was exploited for reconnaissance and data theft. This shift toward advanced tactics highlights an evolving landscape in ransomware operations, emphasizing speed and stealth over traditional disruption methods.