Cybersecurity researchers warned that February 2025 saw a 119% increase in ransomware attacks from a year earlier. According to data from the researchers at NCC Group, the vast majority of the attacks – 83% – occurred in North America and Europe. Moreover, the cybergang Cl0p has increased its activity significantly since January, spiking by 460%. RansomHub was reported to be the second most active threat group, responsible for 10% of attacks globally.
“Ransomware victim numbers hit record highs in February, surging 50% compared to January 2025, with Cl0p leading the charge,” warned Matt Hull, head of threat intelligence at NCC Group.
“Unlike traditional ransomware operations, Cl0p’s activity wasn’t about encrypting systems – it was about stealing data at scale,” Hull said in a statement to ClearanceJobs. “By exploiting unpatched vulnerabilities in widely used file transfer software, much like we saw with MOVEit and GoAnywhere, they were able to exfiltrate sensitive information and will now start to pressure victims into paying.”
The NCC Group further noted that it has seen a shift towards data theft and extortion, which is quickly becoming the go-to strategy for ransomware groups, as it allows cybercriminals to target more organizations and maximize their leverage over victims.
The Government Sector Under Attack
A separate report from cybersecurity provider Comparitech also found that between 2018 and December 2024, 525 individual ransomware attacks were carried out against US government organizations, costing an estimated $1.09 billion in downtime.
“The number of records impacted also hit an all-time high in 2024 with 2.3 million records impacted – nearly three times the number of records affected in 2023 (almost 850,000),” Comparitech warned.
In addition, it noted that ransomware attacks on government organizations had doubled in recent years, climbing from 41 in 2022 to 83 in 2023 and 88 in 2024.
“Governments remain a key target for hackers, not only because of the disruption that they can cause by encrypting systems but due to the data that’s often stored by these entities,” Rebecca Moody, head of data research at Comparitech, told ClearanceJobs.
“As we’ve seen, there has been a shift from focusing on encrypting systems to carrying out a double-pronged attack whereby systems are encrypted and data is also stolen,” Moody continued. “While this is something we’ve seen across all industries, this does also give hackers valuable data that they can sell, especially if the government entity concerned is banned from meeting any ransom demands.”
The research report also highlighted how lengthy downtime is for government agencies, particularly when compared to other industries, such as healthcare.
“This perhaps suggests that governments are already stretched when it comes to trying to recover from these attacks,” Moody added.
The current efforts underway within the U.S. government to cut waste could end up costing more in the long run.
“Downsizing government organizations may only worsen this problem,” said Moody. “Ultimately, many of these attacks happen due to human error, and if departments are understaffed and overworked, this could increase lapses in concentration and provide hackers with an advantage.”
Micro Ransomware Attacks Also Increasing
The past few months have also seen a wave of road-toll text messages warning drivers that their E-ZPass or other smart pass has either expired or failed to register, and that they must pay a toll or face more serious punishment.
This variation on ransomware doesn’t hold a device captive, but it works similarly: money is demanded from the victim, using elements of a more traditional phishing attack. Because the amount requested is usually small – often well under $100 – some are quick to pay before realizing it is a scam.
“It’s people being scared, reactive, and acting without thinking,” explained technology industry analyst Roger Entner of Recon Analytics. “The initial amount is only the first step in an unhappy voyage.”
That is because instead of seizing control of a device, the thieves may gain personal information.
“The fraudsters have the credit card info and can make other purchases with it,” Entner told ClearanceJobs.
This is why security experts say that it is important not to react quickly when demands of this kind are made. The cybercriminals employ a sense of urgency, which results in people letting their guard down.
There is good news too.
“Law enforcement is ramping up its efforts, and recent takedowns show that international collaboration is having a real impact,” Hull added. “But as attackers evolve their tactics, defenders must do the same. Businesses need to move beyond reactive measures and take a proactive stance, ensuring vulnerabilities are patched, data is protected, and incident response plans are ready to go.”