Global Surge in Ransomware Attacks and Their Impact on Organizations
Ransomware attacks have reached unprecedented levels globally, with the third quarter of 2025 witnessing a 36% year-over-year increase in publicly disclosed incidents, according to BlackFog’s latest report. The total number of ransomware attacks reported in this period climbed to 270, marking a 335% rise since Q3 2020. These attacks have caused significant operational disruptions across various sectors, including airlines, automotive manufacturers, governments, and organizations in 93 countries. Notable incidents include grounded aircraft, stranded passengers, and manufacturers such as Jaguar Land Rover being forced to halt production, with some operations only recently resuming after prolonged outages.
The impact of ransomware extends beyond large enterprises, severely affecting small businesses that often lack the resources and security infrastructure to defend against such threats. Many small business owners have reported devastating financial consequences, with some losing nearly all their savings and seeing their businesses shrink dramatically. The attack on the UK nursery chain Kido in September 2025 highlighted the evolving tactics of ransomware groups, as sensitive data on children, parents, and carers was exfiltrated, raising concerns about the targeting of vulnerable sectors. Ransomware operators are increasingly indiscriminate, targeting organizations of all sizes and types, and seeking leverage through data theft and extortion.
The psychological and financial toll on victims is profound, with individuals and organizations facing long-term recovery challenges. Research indicates that small businesses are particularly vulnerable, often lacking dedicated IT security staff, legal support, or sufficient cash reserves to weather the aftermath of an attack. The stress and adversity experienced by victims underscore the need for robust data protection and incident response strategies.
Experts emphasize that the best defense is to make it as difficult as possible for cybercriminals to succeed, focusing on data protection to reduce the incentive for extortion. The continued upward trend in ransomware volumes signals an urgent need for organizations to reassess their security postures and invest in preventive measures. The widespread and lasting impact of these attacks demonstrates that ransomware remains one of the most significant threats to global business continuity and data security. Organizations are urged to prioritize anti-data exfiltration technologies and comprehensive incident response planning. The evolving threat landscape requires constant vigilance and adaptation to new attacker tactics. The experiences of both large enterprises and small businesses illustrate the far-reaching consequences of ransomware, from operational shutdowns to personal financial ruin. As attackers become more aggressive and sophisticated, the imperative for proactive defense and resilience has never been greater.

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
F5 confirms nation-state intrusion into some systems
F5 disclosed that it experienced a cybersecurity incident involving a highly sophisticated nation-state threat actor that had maintained long-term access to some of its systems. The synopsis does not provide a more specific incident date beyond the report's publication timeframe.
Talos newsletter highlights Harvard Cl0p breach and Salesforce data leaks
Cisco Talos' Threat Source newsletter summarized several major security incidents, including Harvard's breach attributed to the Cl0p ransomware group and Salesforce customer data leaks tied to an extortion group. It also noted active exploitation of Windows zero-days and a $15 billion crackdown on Southeast Asian cybercrime networks.
Talos reports Famous Chollima job-seeker malware campaign
Cisco Talos identified a new campaign by North Korean group Famous Chollima targeting job seekers with trojanized applications to steal credentials and cryptocurrency. The activity used BeaverTail and OtterCookie malware delivered through malicious NPM packages and a fake Visual Studio Code extension.
Q3 2025 ransomware incidents surge worldwide, BlackFog reports
During July through September 2025, BlackFog tracked ransomware disruptions affecting organizations in 93 countries, with 270 publicly disclosed incidents in the quarter. The firm estimated roughly 1,510 additional incidents went unreported, and said data theft was involved in 96% of disclosed attacks.


