Ransomware remains a persistent threat, with the latest 2025 State of Ransomware Report by BlackFog unveiling a 49% increase in ransomware incidents globally. This highlights the evolving nature of cyber threats, now powered notably by AI-driven techniques.
In 2025, ransomware tactics evolved, favouring stealth and speed over traditional disruptive approaches. As a result, the year witnessed 1,174 publicly disclosed cyber incidents, a peak since 2020. Furthermore, a 37% increase in attacks went undisclosed, underscoring the clandestine nature of modern ransomware strategies.
A notable revelation from the report is the deployment of large-scale, AI-enabled cyber attacks. This shift reflects an evolution in ransomware activity, exemplified by incidents such as the reported misuse of AI models to conduct autonomous reconnaissance, exploitation, and data theft.
Such threats underscore the challenge defenders face, requiring countermeasures for effective data protection.
Among the various industries, retail and healthcare sectors remain prime targets. In 2025, the healthcare sector accounted for 22% of all ransomware attacks, maintaining its status as the most targeted industry. The retail sector, too, saw a spike, with high-profile brands experiencing attacks, as cybercriminals aim for rich databases housing valuable consumer data.
Across the globe, the prevalence of attacks echoes a grim reality: no nation is immune. Organisations in 135 countries—69% globally—faced ransomware threats in 2025. Predominantly, the United States was the most affected region, accounting for a significant 58% of all recorded attacks.
The surge in undisclosed incidents highlights the necessity for more transparent reporting and enhanced security measures. As AI-enabled threats become common, organisations must prioritise strategies to prevent data exfiltration, the core goal of modern ransomware groups.
BlackFog’s ADX technology is positioned as a tool designed to help organisations detect and mitigate data breaches and ransomware risks. As threats continue to adapt, a concerted effort towards advanced cybersecurity solutions is essential to protect vital infrastructure and sensitive data.
