News from the Wire

Ransomware levels hold steady in July despite persistent risks

Wednesday, August 27, 2025 — 16:40:15 (UTC)

Manchester, UK, Aug. 27, 2025—A new report from NCC Group finds that, following a record-breaking start to the year, ransomware activity showed little movement in July, with just a 1% increase from 371 cases in June to 376. While the numbers appear stable, stagnation should not be mistaken for safety.

No relief for Industrials as ransomware assaults persist

Industrials remained the top targeted sector for ransomware in July, bearing the brunt of 27% of all attacks (101 incidents), the highest of any sector.

Consumer Discretionary, which includes Retail, retained its position as the second most targeted sector, with ransomware attacks rising slightly from 76 in June to 82 in July. Information Technology followed in third place with 31 reported incidents, closely trailed by Healthcare, which recorded 30 attacks.

INC Ransom takes lead as most active threat actor

INC Ransom led the charge in July 2025 with 14% of all attacks (54). The groups’ attack numbers have been on the rise in recent months, up from 14 in May and 24 in June. In 2025, INC Ransom has been observed to particularly target CNI.

Qilin and Safepay placed in joint second with 40 attacks respectively, closely followed by Akira with 37.

Ransomware attacks continue to target the West

North America remained the most targeted region in July, accounting for 54% of all global ransomware attacks (204 incidents) - a slight decline of 3% compared to June.

Europe held steady at 21% (78 attacks), with fewer than half the number of incidents recorded in North America, highlighting a continued disparity in regional threat levels. Asia also maintained a 12% share of attacks (43), while South America followed with 6% (22).

Geopolitical developments influencing the cyber landscape

Several notable geopolitical events in July could influence the global cyber risk. Tensions rose at the BRICS summit, as Brazil’s President criticised US tariff threats. The remarks reinforced BRICS’ drive for alternatives to Western-led finance and could fuel hacktivist activity against Western institutions.

Meanwhile, the US reversed export restrictions on NVIDIA AI chips to China, raising concerns over national security credibility and the opportunity for Chinese threat actors to enhance their capabilities. The US also set an aggressive ceasefire deadline for Russia and Ukraine, signalling continued support for Ukraine and NATO, which may provoke further Russian cyber and hybrid attacks.

Rising famine-related deaths in Gaza have also intensified global pressure on Israel, with key allies threatening recognition of a Palestinian state, adding further complexity to the geopolitical cyber landscape.

Matt Hull, global head of Threat Intelligence at NCC Group, said: “While ransomware activity remained relatively flat in July, this lull should not be mistaken for a reduced threat. We saw a similar dip during the summer months last year, yet the overall threat level remained high.

“Looking ahead, we anticipate the return of previously disrupted groups, likely in collaboration with social engineering actors in order to start launching more sophisticated and coordinated attacks. Now is not the time for complacency.”

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research