- US companies were the main targets of ransomware -actors in Q1 2025
- Manufacture, it and services, were especially affected, says Nordstellar
- SMBS is a larger target than companies report reports
US companies have been the main target of ransomware -attackers by 2025 so far, which makes up almost half of all events of that kind this year.
A new report from Nordstellar, analyzing dark web data, found that there were 2,440 new ransomware cases published on the dark web, an increase of 84% compared to the same period in 2024 (1,325). Of this number, 990 (41%) were US companies.
That makes the United States the most affected country globally globally, as the second placed Canada had “only” 105 cases. The United Kingdom is the third with 74, followed by Germany (56), France (42) and India (42).
Manufacture, that, professional services
Nordstellar’s CyberSecurity expert Vakaris Norika, this is because the United States has plenty of rich business goals.
“A high concentration of wealthy companies with cyber insurance that includes ransom -covering makes the United States a desirable target for hackers,” Norika explained.
“The economy of the US is very digitized, and most companies depend on interconnected systems, cloud technologies and external working environments -all factors that create more options for ransomware -attacks to infiltrate.”
Ransomware -Criminals appear to be particularly interested in manufacturing companies as this industry registered 273 cases. It was number two with 172 cases, and professional services were third with 116.
Surprisingly, these are mostly SMBs, not companies. Companies with an income of $ 10m-50 million employing 51-200 people were most hit in the 1st quarter.
Ransomware continues to be one of the most destructive and disturbing cyber criminal operations out there. Every day the threat grows as cyber criminals find new ways to insert encrypts and abuse AI in their attacks.
“The increasing number of ransomware attacks is more than just a trend-it is an ever-growing threat to businesses around the world,” Norika said.
“Ransomware groups become more sophisticated and exploit zero-day vulnerabilities faster and exploit Ransomware-as-A-Service (RAAS) to expand their reach. Many organizations are still struggling with non-declining systems and weak credibility security and thus becoming easy goals. No business, regardless of size, is immune.”
