Saturday , July 4 2026
January 2025

TRACKING RANSOMWARE
Akira Topped January 2025 as the Most Active Ransomware Threat

In January 2025, there were 510 global ransomware incidents, with Akira as the leading group and new ones like MORPHEUS and Gd Lockersec appearing. The Manufacturing sector was the main target, followed by Finance and IT, with the USA being the most affected region. This report highlights key ransomware trends, showing that threat actors are becoming more sophisticated and spreading their focus internationally, underscoring the need for improved cybersecurity measures.

In January 2025, ransomware attacks decreased slightly, but their frequency and complexity stayed the same. This report analyzes ransomware trends from recent months, identifying the most impacted industries and regions, as well as new ransomware groups. It also explores the evolving tactics of major threat actors, including Python malware and VMware ESXi exploitation, providing insights into the changing cyber threat landscape.

Singapore major data centres, cloud providers could incur fine up to $1m

Major data center and cloud service providers might have to pay a fine of up to $1 million or up...
Read More
Singapore major data centres, cloud providers could incur fine up to $1m

IBM-managed instance breach exposes personal data of 70,000 in Singapore

The Singapore Land Authority (SLA) has announced that the personal details of around 70,000 people were leaked after someone accessed...
Read More
IBM-managed instance breach exposes personal data of 70,000 in Singapore

Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

Alibaba is said to be getting ready to ban the use of Anthropic’s Claude Code in its own systems starting...
Read More
Alibaba Reportedly Bans Claude Code for Suspected AI Tool Backdoor

CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a serious problem affecting Microsoft SharePoint Server to its list of...
Read More
CISA KEV Adds SharePoint RCE CVE-2026-45659 After Active Exploits

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

900+ Oracle E-Business instances Exposed Online

The Shadowserver Foundation found about 950 Oracle E-Business Suite (EBS) systems on the internet around the world. This discovery came...
Read More
900+ Oracle E-Business instances Exposed Online

India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

The Indian government issued a notice WhatsApp planned to roll out its new 'username' feature. They are worried about fake...
Read More
India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

TREND COMPARISON OF JANUARY 2025’s TOP 5 RANSOMWARE GROUPS:

In January 2025, several ransomware groups were very active. Here are the trends for the top 5:

In January 2025, Akira’s activity increased by 60%, while Lynx and Incransom rose by 200% and 250%, respectively. Conversely, Cl0p declined by 12% and RansomHub fell by 20%. These trends indicate changes in the ransomware landscape and the priorities of threat actors across industries.

INDUSTRIES TARGETED IN JANUARY 2025 COMPARED WITH DECEMBER 2024:

The graph shows ransomware trends in January 2025 compared to December 2024. Ransomware attacks on IT increased by 60% due to sensitive data access, while healthcare saw a 31.25% rise for similar reasons. Education and Transportation experienced significant increases of 93% and 69%, respectively, due to their growing digital presence. FMCG and Hospitality had slight increases of 8% and 5%. In contrast, Banking & Finance dropped by 54%, and Manufacturing declined by 2.6%. These trends emphasize the need for strong cybersecurity measures across all industries.

TREND COMPARISON OF RANSOMWARE ATTACKS

Source: Cyfirma

In January 2025, there was a 3.95% drop in victims compared to December 2024. However, the long-term trend is concerning, with victims increasing from 205 in 2023 to 280 in 2024, and jumping to 510 in 2025—an 82.14% rise. This surge emphasizes the increasing threat of ransomware, driven by changing tactics and a focus on critical industries.

GEOGRAPHICAL TARGETS: TOP 5 LOCATIONS

In January 2025, ransomware attacks were predominantly in the United States (259), followed by Canada (29), the United Kingdom (25), France (18), and Germany (15). These areas are targeted because of their strong economies, data-rich businesses, critical infrastructure, and high likelihood of paying ransoms.

EMERGING GROUPS:

MORPHEUS:

Researchers have discovered a new ransomware called Morpheus, which may have been active since late December 2024, but has only publicly listed victims on a data leak site since January 2025. As of this report, the group has claimed three victims.

Gd Lockersec:

By January 2025, researchers noted the launch of a leak site by Gd Lockersec, a new ransomware group focused on financial gain. They prohibit attacks on entities from CIS countries, Cuba, North Korea, and China, as well as non-profit hospitals and certain organizations. Companies that have already paid a ransom are also exempt from further attacks.

During the drafting of this report, the group has claimed 5 victims.

 

Check Also

Tata

India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record

A cyber attack seems to have affected one of India’s top electronics companies. Tata Electronics …