Ransomware attacks reach record levels in January 2025

The latest report from cybersecurity consultancy NCC Group reveals a significant surge in ransomware attacks, with a record-breaking increase observed in January.

The January Threat Pulse from NCC Group recorded an unprecedented 590 ransomware attacks, marking a 3% increase from December's figure of 574, and an astonishing 114% rise from January last year's total of 276 attacks.

Among the perpetrators, Akira emerged as the most active threat group, accountable for 74 attacks throughout the month. This places Akira at the forefront of global ransomware threats, followed closely by Babuk2 with 63 attacks, the re-emergence of CL0P with 59, and Lynx contributing 42 attacks.

In contrast, the relatively new threat group Funksec, which gained prominence in December, experienced a notable decline in activity, falling to sixth place with 35 attacks in January.

The industrial sector continues to be a major target, sustaining 149 attacks during January, which represents 25% of all targeted sectors. This sector was followed by Consumer Discretionary, which encountered 122 attacks, and Information Technology with 81 attacks.

Regional analysis highlights that North America bore the brunt of these attacks, accounting for 50% of the global total with 296 attacks. Europe also faced significant disruptions, with 22% of attacks (132), followed by Asia and South America, recording 75 and 46 attacks respectively.

The NCC Group report underscores how ongoing geopolitical instability is exacerbating these cyber threats. The inauguration of Donald Trump in January and subsequent swift executive orders have disrupted international technological partnerships reliant on US support, further fuelling the rise in ransomware incidents.

NATO's ongoing challenges with presumed Russian sabotage of European undersea infrastructure also contribute to heightened cyber risks. Nations accusing Russia of such acts are especially vulnerable to attacks from pro-Russian or state-backed hackers.

Matt Hull, Head of Threat Intelligence at NCC Group, remarked, "January broke records once again with the highest volume of ransomware victims that we have ever seen. This unprecedented volume of attacks comes in stark contrast to the usual drop in volume that we have recorded previously in January."

Hull further elaborated, "There are a range of factors contributing to this high volume of attacks, including a turbulent global geopolitical landscape, the introduction of new threat groups and changes in their methods of attack. The rise of new ransomware groups, like Funksec, and cyber criminal tools, such as infostealer malware, is also making it much easier for cyber attackers to conduct attacks that are causing mass disruption."

He emphasised the importance of proactive cybersecurity measures, stating, "It's critical that businesses and governments take note of these record ransomware levels. Taking action to mitigate these risks is more crucial than ever, with continuous monitoring, comprehensive training, and robust cybersecurity measures proving essential. Organisations must remain vigilant and proactive in their defence strategies to protect against this growing threat."