Ransomware attacks were down in April, according to research from Comparitech, which found a significant decline in the number of attacks compared to the first three months of the year.
Comparitech researchers logged 749 ransomware attacks in total in April 2025, 39 of which were confirmed by the targeted entity.
This is a major decline from the 713 seen in March, as well as the 973 in February and the 530 in January.
Comparitech credited the decline partly to one of the most prolific ransomware gangs – RansomHub – going dark from the end of March.
While April may have been overall quieter, it did see some of the largest and most disruptive attacks this year. These include the ongoing attack on UK retail chain, Marks and Spencer, which has been attributed to Scattered Spider.
Globally, April also saw the attack on DataVita, a UK kidney dialysis company, as well as a attack on EU-Rec GmbH in Germany which saw the company file for insolvency. Virgin Islands Lottery also feel victim to a cyber-attack, as well as the Oregon Department of Environmental Quality.
Government entities remain a frequent target for ransomware gangs. Ransomware figures in this sector remain high (9) despite lower attack figures overall (39). Meanwhile, healthcare companies saw an increase in confirmed attacks (6).
Most attacks -both confirmed and unconfirmed, were on businesses, with 21 confirmed and 396 unconfirmed attacks.
The most prolific ransomware gangs were Qilin (67), Akira (62), Play (50), Lynx (32), and NightSpire (22). Akira had the most confirmed (3) followed by Qilin, NightSpire, Silent, and Sarcoma with two each.
Recommended reading
Qilin’s rise might have something to do with RansomHub going dark. Some experts suggest RansomHub’s affiliates have migrated to Qilin. With such an increase in the number of attacks claimed by Qilin in April (up from 45 in March), that explanation is plausible.
Akira had the most confirmed attacks with three in total, followed by Quilin, NightSpire, Sarcoma, and Silent, each with two confirmed attacks.
