SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Ransomware
#
Cybersecurity
#
Threat intelligence

Ransomware attacks rise 50% in February, Cl0p leads surge

Yesterday
Author image
By Shannon Williams, Journalist

Ransomware attacks have surged by 50% in February compared to the previous month, reaching an unprecedented level of 886 cases, according to a report by NCC Group.

The report highlights a 119% increase in ransomware incidents from February 2024, where there were 403 recorded attacks. Key findings from the research pin the cyber gang Cl0p as the most active group responsible for 37% of these attacks.

Cl0p's activity rose dramatically, with the group accounting for 330 attacks, marking a 460% rise from January's figures. This surge is linked to the group's exploitation of vulnerabilities in file transfer software, Cleo, resulting in multiple breaches in late 2024. "Ransomware victim numbers hit record highs in February, surging 50% compared to January 2025, with Cl0p leading the charge. Unlike traditional ransomware operations, Cl0p's activity wasn't about encrypting systems—it was about stealing data at scale," noted Matt Hull, Head of Threat Intelligence at NCC Group.

RansomHub followed Cl0p as the second most prolific threat group, being responsible for 87 attacks, whereas Akira accounted for 77, and Play recorded 43 attacks in February.

For the first time since early 2024, Consumer Discretionary became the most targeted industry, overtaking Industrials with 278 attacks. This segment accounted for 31% of all incidents. The increase is attributed to the usage of the Cleo software, which suffered exploits linked to Cl0p's campaigns.

Although the number of attacks in the Industrials sector increased from 149 to 191, its share was surpassed by Consumer Discretionary.

Geographically, North America was the primary target for ransomware attacks in February, with 65% of all reported cases occurring in this region. This statistic significantly overshadows Europe, which recorded 18% of attacks, and is connected to mounting geopolitical strains and cyber security challenges faced by North American entities.

Asia and South America reported fewer attacks, with 7% and 5% of incidents, respectively.

The report also touches on the possible resurgence of LockBit, which has remained dormant following a law enforcement operation named Cronos. Matt Hull underscored, "This shift towards data theft and extortion is becoming the go-to strategy for ransomware groups, allowing them to target more organisations and maximise their leverage over victims."

Matt Hull commented on the evolving strategies of cybercriminals: "Meanwhile, law enforcement is ramping up its efforts, and recent takedowns show that international collaboration is having a real impact. But as attackers evolve their tactics, defenders must do the same. Businesses need to move beyond reactive measures and take a proactive stance, ensuring vulnerabilities are patched, data is protected, and incident response plans are ready to go."

The report emphasises the importance of proactive measures in light of increasing ransomware cyber threats and illustrates the significant challenges faced by sectors and regions in enhancing cyber security.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Sysdig reveals cloud security trends in new 2025 report
Radware named strong performer in Forrester WAF review
NTT DATA & Rubrik enhance global ransomware protection
NetFoundry launches updated security platform for OT use
KnowBe4 wins 5-Star Award in 2025 CRN Partner Guide
Top stories
Data backup vital says ISMS.online officer as day nears
Exclusive: Pulseway discusses drive for simplicity and efficiency in IT management
CrowdStrike boosts Falcon with new AI risk management tools
Milestone Systems unveils XProtect 2025 R1 with new features
NVIDIA GTC: Realize the promise of AI agents as a workforce multiplier in cybersecurity