Monthly Threat Pulse – Review of February 2025

Cl0p was the most active threat group in February 2025, responsible for 37% of attacks.

83% of all ransomware cases globally took place in North America and Europe in February 2025.

Play was the fourth most active ransomware group, with 43 attacks in February 2025.

South America accounted for 5% of ransomware attacks (42) in February 2025.

February ransomware attacks (886) increased by 119% compared to February 2024 (403).

Consumer Discretionary was the most targeted sector with 278 ransomware attacks in February 2025, accounting for 31% of all attacks.

Ransomware attacks in the Industrials sector increased from 149 in January to 191 in February 2025.

Europe accounted for 18% of total global ransomware attacks (159) in February 2025.

North America accounted for 65% of total global ransomware attacks (574) in February 2025.

RansomHub was the second most active ransomware group, with 87 attacks in February 2025.

Akira was the third most active ransomware group, with 77 attacks in February 2025.

February attacks reached an all-time monthly high of 886.

February ransomware attacks (886) increased by 50% from January 2025 (590).

Cl0p was responsible for 330 attacks in February 2025, a 460% increase from January (59).

Industrials was the second most targeted sector, with 191 ransomware attacks in February in 2025.

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

Global levels of ransomware attacks increased month-on-month and year-on-year in February 2025.

Asia was the third most attacked place, with 7% of ransomware attacks (64) in February 2025.