New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunter international and Lockbit, have closed their doors in recent times.
Head of data research at Comparitech, Rebecca Moody said “We didn’t need any reminders of how stark the ransomware landscape is, but the fact that we’re seeing a 50 percent year-on-year increase in the number of attacks (when comparing H1 of 2024 to H1 of 2025) only serves to emphasise how companies, large and small, need to do everything they can to lower their risks of suffering from one of these attacks.”
She then went on to say, “While ransomware gangs continue to emerge, evolve, regroup and change tactics, the basics around mitigating these risks remain the same. Keep software up to date, patch vulnerabilities as soon as they’re flagged, carry out regular system backups, have a plan in place if the worst should happen and ensure staff are regularly trained.”
Similar sentiments were also expressed by Forescout’s head of research Daniel Dos Santos, who added “The ransomware numbers in 2025H1 continue to show a growing threat landscape and the impact of cybercrime on businesses and people’s lives. More important than individual attacks or even raw numbers are some of the trends we observe, such as evolving techniques for ransomware delivery – especially with the use of EDR bypass, ClickFix attacks and even launching encryptors from IP cameras – and a growing number of individuals impacted by data breaches as gangs focus on data exfiltration instead of encryption.”
Dos Santos continued: “These trends show that cybercriminals continue to find new ways to deliver and profit from malware even when facing increased attention from law enforcement. Organisations need to pay attention to these innovations and ensure they have the right level of visibility and threat detection for every device in their network to avoid becoming the next victim.”
The research also showed other specific industries that were more heavily impacted by attacks. These include technology (88% increase), retail (85%), legal (71%), transportation (66%), and manufacturing (64%). However, Utilities was the only industry to see a decline by -31%.
Across the 445 confirmed attacks, more than 17 million records were breached which highlights the scale of impact these attacks have on organisations and consumers.
Despite the increase in attacks, the industry is seeing the closure of a lot of notable ransomware groups, including Hunters international. This week the Hunters International ransomware group claimed it would be shutting down – voluntarily! The group also announced it would be providing free decryption software to previous victims, although it is unclear how many of the cybercriminals’ targets were actual victims of encryption attacks.
The group was behind many high profile attacks including Tata Technologies (in January 2025), Fred Hutchinson Cancer Center (Nov 19, 2023) and Industrial and Commercial Bank of China (ICBC) (in September 2024).
Dray Agha, senior manager of security operations at Huntress, commented on the closure by saying: “While Hunters International frames their shutdown as a ‘gesture of goodwill,’ this is likely a strategic rebrand – not repentance – as they have morphed into the group ‘World Leaks’, an extortion-only operation. Ransomware groups are pivoting to ‘steal-only’ extortion for lower risk and faster payouts, and defences must evolve beyond reliance on backups. Proactive measures like 24/7 detection and response, identity protection, and security awareness training are essential to disrupt attacks before data exfiltration can take place.”
Another example of a ransomware group closing down in recent years, however this time by force, is Lockbit. The infamous ransomware gang was taken down in an international operation in 2024.
The post Ransomware Attacks Spike Despite Gang Closure appeared first on IT Security Guru.
The original article found on IT Security Guru Read More
_Aleksey_Funtap_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
