New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunter international and Lockbit, have closed their doors in recent times.
Head of data research at Comparitech, Rebecca Moody said “We didn’t need any reminders of how stark the ransomware landscape is, but the fact that we’re seeing a 50 percent year-on-year increase in the number of attacks (when comparing H1 of 2024 to H1 of 2025) only serves to emphasise how companies, large and small, need to do everything they can to lower their risks of suffering from one of these attacks.”
She then went on to say, “While ransomware gangs continue to emerge, evolve, regroup and change tactics, the basics around mitigating these risks remain the same. Keep software up to date, patch vulnerabilities as soon as they’re flagged, carry out regular system backups, have a plan in place if the worst should happen and ensure staff are regularly trained.”
Similar sentiments were also expressed by Forescout’s head of research Daniel Dos Santos, who added “The ransomware numbers in 2025H1 continue to show a growing threat landscape and the impact of cybercrime on businesses and people’s lives. More important than individual attacks or even raw numbers are some of the trends we observe, such as evolving techniques for ransomware delivery – especially with the use of EDR bypass, ClickFix attacks and even launching encryptors from IP cameras – and a growing number of ransomware attacks spike despite closure
