Ransomware Attacks Surge 30% in Q4 2025, Targeting Critical Sectors and Supply Chains Ransomware activity has spiked sharply, with attacks increasing by 30% in the last four months of 2025 compared to the first nine months of the year. Cybersecurity firm Cyble recorded 2,018 claimed attacks in Q4 2025 averaging 673 victims per month while January 2026 saw 679 attacks, maintaining the elevated pace. ### Key Trends and Threat Actors - Qilin led all ransomware groups in January with 115 attacks, followed by Akira (76), Sinobi, and The Gentlemen. - CL0P resurfaced in late 2025, claiming victims in Australia, the U.S., and the UK, including 11 Australian companies across IT, finance, healthcare, and construction. - The U.S. remained the most targeted country, accounting for nearly half of all attacks, while the UK and Australia saw heightened activity due to CL0P’s campaign. ### Targeted Sectors Ransomware groups continued to focus on construction, professional services, and manufacturing, likely due to vulnerabilities in their environments. IT firms also faced frequent attacks, given their access to downstream customer networks. ### Notable January 2026 Attacks - Everest breached a U.S. telecom equipment manufacturer, exfiltrating 11 GB of data, including engineering schematics, PCB layouts, and 3D designs. - Qilin compromised a U.S. airport authority, exposing financial documents, telehealth reports, and internal emails. - Sinobi claimed a breach of an India-based IT services firm, stealing 150 GB of data, including contracts, financial records, and customer data. - Rhysida sold stolen data from a U.S. biotech instrumentation company, including engineering blueprints and NDAs. - RansomHouse targeted a China-based electronics manufacturer, leaking CAD models, PCB designs, and proprietary production data. - INC Ransom breached a Hong Kong precision components supplier, exfiltrating 200 GB of data linked to global tech and automotive brands. - Nitrogen leaked 71 GB of data from a U.S. automotive components firm, including CAD drawings and financial records. - Anubis compromised an Italian maritime port authority, exposing operational data, safety reports, and infrastructure layouts. ### Emerging Ransomware Groups - Green Blood launched a new operation, encrypting files with the “.tgbg” extension and targeting victims in India, Senegal, and Colombia. - DataKeeper introduced a RaaS model with hybrid encryption (RSA-4096), in-memory execution, and TOR-based payment links. - MonoLock debuted a Linux-compatible RaaS using Beacon Object Files (BoF) for stealthy execution, avoiding public leak sites to reduce law enforcement exposure. The sustained rise in ransomware attacks, coupled with the emergence of new threat groups, underscores the evolving tactics of cybercriminals targeting critical infrastructure, supply chains, and high-value industries.

Majorel learned about a security breach in which hackers were able to access secure data. The manufacturer instantly patched up the flaw. A consumer data leak could not be totally stopped, though. According to the organization, all necessary data security precautions have been taken, and they immediately notified the data protection authority in compliance with GDPR. It was discovered that neither bank information nor current login credentials for the Riester online registration had been stolen.