Data from Comparitech reveals global ransomware trends for the first half of 2025. According to the research, 3,627 ransomware attacks were logged, representing a 47% increase from the first half of 2024 (2,472). Out of the 3,627 total ransomware attacks, 445 were confirmed by the organizations affected.
The 445 confirmed attacks can be broken down as follows:
- 260 against businesses
- 93 against government entities
- 52 against healthcare organizations
- 40 against educational institutions
The largest ransom demand across confirmed attacks was against Slovakia’s Geodesy, Cartography, and Cadastre Office, which faced a $12 million ransom in January 2025. This demand was not met.
The researchers note that government entities and educational institutions saw an increase in attention from ransomware groups. Government entities saw a 60% increase in attacks, and educational institutions saw a 23% increase.
The most prolific ransomware groups in H1 of 2025 (in both confirmed and unconfirmed attacks) were:
- Akira (347 targets)
- Clop (333 targets)
- Qilin (318 targets)
- RansomHub (222 targets)
- Play (214 targets)
- SafePay (186 targets)
In confirmed attacks for the first half of 2025, 17,070,617 records were compromised.
