RICHMOND: Ransomware attacks surged to a record high in the first quarter of 2025, with victims increasing by 102% compared to the same period last year, according to a new report from cybersecurity firm GRIT.
The quarterly GRIT report, released Wednesday, documented 2,063 ransomware victims in Q1, the highest number ever recorded. The findings also revealed a sharp rise in active threat groups, exploited vulnerabilities and attacks targeting critical industries.
Key Findings:
· Ransomware attacks spiked 102% year-over-year, with 2,063 victims reported in Q1.
· A record 70 active threat groups were identified, marking a 55.5% increase from 2024.
· Exploited vulnerabilities jumped 75%, with 12,333 flaws reported in the first quarter.
· Manufacturing, retail and technology sectors were hardest hit, while nonprofits saw ransomware incidents double from the previous quarter.
· The U.S. accounted for 59% of observed victims, the highest proportion to date.
“This record-breaking quarter was no coincidence,” said Grayson North, principal security consultant at GRIT.
“We’re tracking more active ransomware and extortion groups than ever before, with a noticeable rise in high-volume attacks from emerging players formed out of disrupted gangs, like LockBit and AlphV.”
North warned that the surge could signal a worsening trend. “The pressing question now is whether this represents a short-term spike or the beginning of a dark year for ransomware victims,” he said.
While historical data suggests a possible seasonal slowdown in attacks during the summer, North cautioned that the threat landscape remains unstable. “A single large-scale exploit—like those we’ve seen from Clop—could shift the ecosystem’s trajectory,” he said. “The conditions for another record-breaking year are firmly in place.”
The GRIT report is based on publicly available data, including threat group disclosures and analyst insights into ransomware trends.