Report by NCC Group

Monthly Threat Pulse – Review of February 2025

18 FINDINGSPublished Mar 19, 2025
View Original Report →

Key Findings

Cl0p was the most active threat group in February 2025, responsible for 37% of attacks.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareCl0p

83% of all ransomware cases globally took place in North America and Europe in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareNorth AmericaEurope

Play was the fourth most active ransomware group, with 43 attacks in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwarePlay

South America accounted for 5% of ransomware attacks (42) in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareSouth America

February ransomware attacks (886) increased by 119% compared to February 2024 (403).

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
Ransomware

Consumer Discretionary was the most targeted sector with 278 ransomware attacks in February 2025, accounting for 31% of all attacks.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareConsumer

Ransomware attacks in the Industrials sector increased from 149 in January to 191 in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareIndustrials

Europe accounted for 18% of total global ransomware attacks (159) in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareEurope

North America accounted for 65% of total global ransomware attacks (574) in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareNorth America

RansomHub was the second most active ransomware group, with 87 attacks in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareRansomHub

Akira was the third most active ransomware group, with 77 attacks in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareAkira

February attacks reached an all-time monthly high of 886.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
Ransomware

February ransomware attacks (886) increased by 50% from January 2025 (590).

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
Ransomware

Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59).

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareCl0p

Industrials was the second most targeted sector, with 191 ransomware attacks in February in 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareIndustrials

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
Ransomware

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
Ransomware

Asia was the third most attacked place, with 7% of ransomware attacks (64) in February 2025.

NCC GroupMonthly Threat Pulse – Review of February 2025·Mar 19, 2025
RansomwareAsia