Monday , July 13 2026
Q2 2025

Global ransomware attacks dropped 43% in Q2 2025

Ransomware attacks dropped by 43% worldwide in Q2 2025 from Q1, largely due to law enforcement efforts and internal conflicts, reports NCC Group. A total of 1180 attacks were recorded from April to June, which compares to 2074 attacks in Q1.

Source: NCC Group

Ransomware attacks decreased for the fourth month in a row in June 2025, dropping 6% from May to 371. Q2 saw a slowdown after a spike in attacks in the first quarter, mainly due to aggressive campaigns by major groups like Clop, RansomHub, and Akira.

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Recent law enforcement actions have disrupted major ransomware operators, specifically targeting Clop and RansomHub affiliates. As a result, Clop and RansomHub are no longer among the top 10 active ransomware groups in Q2.

“These disruptions likely caused a ripple effect across the ransomware group’s ecosystem, forcing affiliates to regroup or shift to emerging ransomware groups,” NCC Group researchers noted.

The July 23 report noted that internal leaks and conflicts among ransomware groups may have contributed to the slowdown.

In May, insider information from the notorious LockBit group was leaked.

Meanwhile, researchers have observed DragonForce fighting a “turf war” with rival ransomware operators as it seeks to assert its dominance in the cybercrime marketplace.

DragonForce likely caused RansomHub’s infrastructure outage in late March 2025, disrupting operations.

The decline in attacks may also be linked to seasonal slowdowns in Q2 from global holidays like Easter and Ramadan.

Source: NCC Group

Qilin Leads the Way in Fragmented Market:

Qilin was the most active ransomware group in Q2, with 151 attacks, accounting for 13% of the total. This increased from 95 attacks in Q1.

In second place was Akira with 131 attacks, followed by Play (115) and SafePay (108).

SafePay gained attention in May for reporting 70 attacks. It was first spotted in September 2024, and researchers found little public information on the group.

Experts have connected SafePay to notable groups like LockBit, BlackCat, INC Ransom, and Play.

NCC Group reported tracking 86 active attack groups in 2025 so far, likely exceeding 2024’s record.

“The increased number of attackers means a broader range of attack methods that businesses need to be prepared for,” commented Matt Hull, global head of threat intelligence, NCC Group.

In Q2, the industrial sector experienced the most attacks, totaling 353, which is 30% of all attacks.

Consumer discretionary ranked second with 251 attacks, accounting for 21% of the total, heavily impacting retail in Q2. Information technology, healthcare, and financial services followed, making up the top five targeted industries with 10%, 8%, and 6% respectively.

Check Also

Apple

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can …