Surprised, Not Surprised, Ransomware Attacks Have Ticked Up
None
<p><span data-contrast="none">Like it or not, ransomware has been a durable and formidable thorn in the side of business, <a href="https://securityboulevard.com/webinars/government-takedown-of-ransomware-rings-what-cisos-need-to-know/" target="_blank" rel="noopener">government</a> and defenders. </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">And this year has proved no different, with the uptick in ransomware continuing in the third quarter of 2025. This year to date, ransomware cases have zoomed up 47% over the same period last year, according to </span><a href="https://nordstellar.com/blog/ransomware-statistics-2025-q2/" target="_blank" rel="noopener"><span data-contrast="none">data compiled by NordStellar</span></a><span data-contrast="none">. That amounted to a whopping 6,330 incidents.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p><span data-contrast="none">Just between July and September, the number of ransomware cases topped 1,943, representing a 31% increase over Q3 last year. </span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">U.S. companies were most frequently in the crosshairs, accounting for 57% of all cases. The manufacturing sector found itself to be targeted as well, making up 19.7% of the cases.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">Small and medium-sized businesses may want to sharpen their defenses because they continue to be primary targets for ransomware attacks.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">We all know that keeping up with ransomware gangs and their affiliates still looks a lot like a proverbial game of whack-a-mole but NordStellar found that Qilin and Akira, two established ransomware groups, were behind the bulk of attacks. That’s mirrored in </span><a href="https://5.%09https/www.ontinue.com/wp-content/uploads/2025/09/2025_1H-Threat-Intelligence-Report.pdf"><span data-contrast="none">research</span></a><span data-contrast="none"> from Ontinue that found the 4,000 claimed ransomware breaches in H1 2025 were spearheaded by </span><span data-contrast="none">CL0P, AKIRA and QILIN.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">“The continued rise in incidents shows that ransomware is still effective and highly profitable, incentivizing cybercriminals to ramp up activity,” the trends showing, in short, ransomware threats are here to stay,” according to a NordStellar blog post.</span><span data-ccp-props='{"134233117":false,"134233118":false,"201341983":0,"335557856":16777215,"335559737":1110,"335559738":240,"335559739":240,"335559740":360}'> </span></p><p><span data-contrast="none">But NordStellar warns that “attackers won’t necessarily hand the decryption key to restore access even after the ransom is paid.” Often, the blog post said, “the systems or files will stay locked for the second ransom, leaving companies to suffer dire consequences—financial, reputational, and legal.”</span><span data-ccp-props='{"134233117":false,"134233118":false,"201341983":0,"335557856":16777215,"335559737":1110,"335559738":240,"335559739":240,"335559740":360}'> </span></p><p><span data-contrast="none">Brandon Williams, CTO at Conversant Group, says Conversant’s research “shows that 93% of cyber events involve targeting of backup repositories, and 80% of data thought to be immutable does not survive.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">But he explains that “being able to recover, but having no place to recover, will result in longer outages and larger business interruption costs.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">That will make it necessary to make “strategic breach recovery plans that integrate real-time threat detection, adaptive defenses and incident response protocols,” Williams says. “The most effective component of breach recovery plans is immutable backups, which are essential for fast recovery from breaches.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">Their tamper-proof design, he says, “guarantees the integrity of stored data and reduces recovery time while allowing for rapid restoration without the risk of reintroducing infected or corrupted files.” </span><br><span data-contrast="none">James Maude, field CTO at BeyondTrust, says that to deal effectively with ransomware and other threats, it’s crucial to “invest in shifting left and think more about securing identities and access to reduce our attack surface and blast radius in the event of compromise, rather than just thinking post breach.” </span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">Ransomware and other threats, he says, “are only as effective as the privileges and access they manage to acquire so if we can implement better hygiene and focus on least privilege, then the threat actors are far less likely to ransomware us in the first place.”</span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/10/surprised-not-surprised-ransomware-attacks-have-ticked-up/" data-a2a-title="Surprised, Not Surprised, Ransomware Attacks Have Ticked Up "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fsurprised-not-surprised-ransomware-attacks-have-ticked-up%2F&linkname=Surprised%2C%20Not%20Surprised%2C%20Ransomware%20Attacks%20Have%20Ticked%20Up%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fsurprised-not-surprised-ransomware-attacks-have-ticked-up%2F&linkname=Surprised%2C%20Not%20Surprised%2C%20Ransomware%20Attacks%20Have%20Ticked%20Up%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fsurprised-not-surprised-ransomware-attacks-have-ticked-up%2F&linkname=Surprised%2C%20Not%20Surprised%2C%20Ransomware%20Attacks%20Have%20Ticked%20Up%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fsurprised-not-surprised-ransomware-attacks-have-ticked-up%2F&linkname=Surprised%2C%20Not%20Surprised%2C%20Ransomware%20Attacks%20Have%20Ticked%20Up%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F10%2Fsurprised-not-surprised-ransomware-attacks-have-ticked-up%2F&linkname=Surprised%2C%20Not%20Surprised%2C%20Ransomware%20Attacks%20Have%20Ticked%20Up%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>