Record Ransomware Attacks in February 2025: A Surge in Cyber Threats

Ransomware Attacks Surge to Record Levels in February 2025

In a startling revelation, a recent report by Cyble has unveiled that ransomware attacks reached unprecedented heights in February 2025, with a staggering 821 victims claimed by various ransomware groups. This figure marks a dramatic increase of over 50% compared to the previous record set in May 2023, when 544 victims were reported.

The report highlights the significant role of the notorious CL0P ransomware group, which alone accounted for 267 of the victims. This surge in attacks is attributed to CL0P’s exploitation of vulnerabilities in managed file transfer (MFT) systems, particularly targeting Cleo MFT. With a total of 386 victims claimed since its recent exploits, CL0P has emerged as the most active ransomware group for the month, outpacing competitors like RansomHub and Akira.

The United States bore the brunt of these attacks, with ten times more victims than Canada, the second most affected nation. This alarming trend raises questions about the evolving landscape of cyber threats, as organizations grapple with the implications of such a spike in ransomware incidents.

Cyble’s analysis suggests that while February’s figures are alarming, they may signal the onset of a new normal in ransomware activity. The report notes that the decline of previously dominant groups like LockBit, due to law enforcement actions, has created space for others to flourish. With RansomHub, Akira, and Play also ramping up their activities, the potential for sustained high victim counts looms large.

Experts urge organizations to bolster their cyber defenses by patching vulnerabilities, training employees to recognize phishing attempts, and implementing robust backup strategies. As ransomware tactics evolve, the need for heightened cyber resilience has never been more critical.