Alarming new findings from NordStellar reveal that ransomware attacks are skyrocketing, causing serious concern for businesses around the world.
Up to 20 March 2025, 2 040 new ransomware cases were made public on the dark web, which marks an 81% increase compared to the same period in 2024.
“The surge in ransomware attacks is unprecedented, proving the threat is more relentless than ever,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “The spike is driven by a combination of factors — hackers exploiting zero-day vulnerabilities faster than ever, the rise of ransomware as a service (RaaS) lowering the barrier to entry, and organisations still struggling with unpatched systems and poor credential security.”
The most prolific ransomware group, with 385 attacks under its belt so far this year, is Cl0p — a sophisticated player in the RaaS ecosystem.
Cl0p was insignificant in 2024, but this year it seems to have resurfaced stronger than ever, contributing significantly to February 2025 becoming the record month in history.
February 2025 reached an all-time monthly high of 980 ransomware attacks, an increase of 51% from January 2025 (649) and a 106% increase compared to February 2024 (477).
“Cl0p’s reemergence might be closely connected to the group’s past activities, such as exploitation of zero-day vulnerabilities in Cleo file transfer software, compromising hundreds of organisations worldwide,” says Noreika.
“This incident, like a similar MOVEit Transfer one in 2023, highlights the critical importance of promptly addressing vulnerabilities in managed file transfer solutions to protect against sophisticated cyber threats.”
At least 844 of the 2 040 ransomware incidents published in 2025 so far involved businesses based in the US.
“The staggering 41% share indicates that American companies remain a tempting target for cybercriminals due to their deep pockets and cyber insurance that can cover ransom payments,” says Noreika.
“Additionally, the US has a highly digitized economy, with the majority of businesses relying on interconnected networks, cloud services, and remote work environments — all of which increase potential entry points for ransomware attacks.”
Vakaris Noreika from NordStellar recommends organisations implement multi-layered cybersecurity strategies, including regular data backups, multi-factor authentication across all systems, continuous dark web monitoring for exposed credentials, employee cybersecurity awareness training, and advanced endpoint detection and response solutions.
As ransomware remains an ongoing and ever-growing threat and attacks on organisations continue to escalate, businesses and governments can’t afford to be complacent — proactive defense and rapid response strategies are more critical than ever when protecting data and operations.
“Businesses must recognize that ransomware is no longer just a financial risk — it’s an operational and reputational crisis that demands urgent action,” says Noreika.