Why Ransomware Attacks Are Exploding in 2025
A 179% Spike in Just Six Months
Ransomware isn’t just growing; it’s exploding. Data from threat intelligence firm Flashpoint shows that attacks in the first half of 2025 surged by 179% compared to the same period in 2024. That’s nearly triple the volume in just twelve months, a scale of escalation few organisations are prepared for.
This dramatic rise confirms that ransomware has become one of the most disruptive forces in cybersecurity today.
Why the Ransomware Attacks Numbers Are Climbing
Several shifts explain why ransomware is spreading faster than ever:
-
Simplified attack methods: More groups are ditching encryption entirely, opting instead for pure data extortion. Steal the data, threaten to leak it, and demand payment, faster, cheaper, and easier.
-
AI as a force multiplier: Although still limited, attackers are beginning to use generative AI to automate phishing campaigns and reconnaissance. Groups like Funksec may be paving the way for more widespread adoption.
-
Recycled victims: Data from old breaches is resurfacing, creating new waves of extortion long after the initial attack.
The combination of lower technical barriers and AI-driven efficiency has created what Flashpoint calls a “perfect storm” for cybercrime.
Lessons from the Frontline: Insights from Certes TechTalk
On the latest Certes TechTalk Podcast, host John Granger and guest James Desmond (Air Force veteran and cybersecurity strategist) unpacked why the current surge feels so familiar to military professionals.
“AI is changing the threat landscape, but the fundamentals remain the same: if your people don’t know how to respond, your defences are already compromised.” — James Desmond, Certes TechTalk Podcast
James emphasised two points especially relevant to today’s ransomware explosion:
-
Unified strategy: Just as the military aligns diverse units under a single mission, organisations must align cyber defences across departments.
-
Organisation-wide training: Technology helps, but people remain the weakest link. Training must extend beyond IT teams to every employee.
Who’s Driving the Surge?
Flashpoint identifies Akira, Clop/Cl0p, Qilin, Safepay Ransomware, and RansomHub as the most active groups in early 2025. UK-based organisations are also feeling the impact, with DragonForce gaining notoriety after attacks on Marks & Spencer and the Co-op Group.
Where the Ransomware Attacks Hit Hardest
The United States is bearing the brunt, with 2,160 attacks tracked in the first half of 2025: far ahead of Canada (249), Germany (154), and the UK (148). Globally, manufacturing, technology, and retail top the list of most-targeted industries.
Moving Beyond Perimeter Defences
The surge shows that traditional perimeter security is not enough. Once data is stolen, encryption at rest and in transit becomes the last line of defence.
Certes’ Data Protection and Risk Mitigation (DPRM) directly addresses this need:
-
Quantum-safe encryption (AES-256-GCM) shields data even if systems are compromised.
-
Layer-4 payload protection ensures sensitive data never travels unencrypted.
-
Policy-first separation of duties puts control of keys and policies in your hands.
Final Word: Prepare for the Next Wave
The massive rise in ransomware isn’t a temporary spike; it’s a sign of things to come. Cyber criminals are moving faster, adopting AI, and exploiting weak links in human behaviour.
The message is clear: ransomware defence must be proactive, data-centric, and organisation-wide.
As James Desmond noted on Certes TechTalk, strategy and training are as critical as technology. Combined with Certes’ DPRM solutions, organisations can resist today’s surge and prepare for tomorrow’s threats.
