Record number of ransomware attacks in January 2025

Ransomware is locking up systems and hiding the key. Hackers often use this method against larger organizations. If a company's system is hijacked, attackers can seize control of its data and network, demanding payment to restore access. Otherwise, they may delete or leak sensitive files, causing significant damage. This week’s chart reveals just how widespread the threat has become.

Key insights

• Ransomware attacks have hit an all-time high this year, with 590 cases registered in January. This is an increase from the 574 cases recorded in December 2024, according to NCC Group data. The number of ransomware cases has been climbing for five consecutive months and has now hit a record number even larger than the 2024 monthly average of 440. Despite fluctuations across the year, the monthly averages have risen by nearly 80% from 211 in 2021 to 378 in 2022 and by 16% to 440 in 2024.
• But the figure for January, typically a quieter month, also represents a steep rise of 107% compared to the same month last year (285 cases). This is also a remarkable jump of 388% from January 2022, when only 121 cases were recorded. Moreover, for the fourth consecutive year, January’s figures mark a year-on-year increase, highlighting an upward trend in the number of ransomware attacks globally.
• Regionally, North America and Europe are the most affected regions year over year, accounting for the largest portion of the attacks. However, the proportion of attacks targeting North America has increased from 44% in 2022 to 50% in 2023 and stood at 55% in 2024. In January 2025, half (50%) of all ransomware attacks took place in North America.
• Conversely, the trend in Europe is the opposite. In 2022, attacks in Europe accounted for 35% of the overall number, but this figure dropped to 28% in 2023 and 24% in 2024. In January 2025, 22% of attacks took place in Europe.
• Over the last four years, the industrial sector has consistently been the most prevalent target for ransomware attacks, accounting for 25% of the total in January 2025 alone. It was followed by consumer discretionary, information technology, and healthcare — with one attack targeting the New York Blood Center¹, impacting blood donations and precipitating a shortage crisis.
• These attacks highlight how vulnerable infrastructure can be to cybersecurity threats, whether they involve critical healthcare services or national defense², risking citizens’ safety in multiple ways. These high numbers also indicate ransomware may continue to be prevalent throughout the year, underlining how cybersecurity measures are fundamental to reducing risks.

Methodology and sources

For this study, four Threat Intelligence Reports published by cybersecurity group NCC Group were analyzed, corresponding to the years 2022, 2023, 2024, and 2025. We used data pertaining to the number of ransomware attacks, globally and by region, alongside data for sector impact.

Data was collected from:

References: