Monthly Threat Pulse – Review of March 2025

Europe was the second most targeted region in March. Europe accounted for 27% of attacks and experienced 162 attacks.

Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.

Industrials regained the top spot for the most targeted sector in March. It accounted for 25% of all attacks in March and experienced 150 attacks in March.

Safepay was the third most active threat group in March, with 42 attacks.

Consumer discretionary was the second most targeted sector in March, with 124 attacks. This was a significant decrease of 55% (278 attacks) for consumer discretionary compared to February.

600 ransomware attacks were recorded globally in March.

Ransomware cases globally dipped by 32% in March (600 attacks) compared to February.

Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).

South America took fourth place with 7% of attacks (39 attacks) in March.

North America remained the most targeted region in March. North America accounted for 48% of total global attacks and experienced 290 attacks.

Ransomware cases increased year-on-year by 46% in March.

Malvertising attacks surged in 2024. Microsoft Threat Intelligence uncovered nearly one million devices globally implicated in a large-scale malvertising campaign in March

75% of all global cases took place in North America and Europe combined in March.

Asia took third place with 14% of attacks (83 attacks) in March.