In April 2025, Comparitech reported 479 ransomware attacks, marking a downturn from prior months in Q1, where totals reached up to 973 in February. Researchers attribute this decline to the inactivity of RansomHub, the most active group prior, which ceased operations post-March 31, suggesting affiliates may have migrated to Qilin, now with increased claims. The month, nonetheless, saw substantial attacks on major businesses such as Marks & Spencer and DaVita, demonstrating that fewer incidents do not equate to reduced severity, particularly in key sectors like healthcare and government.
Research from Comparitech revealed 479 ransomware attacks in April 2025, a significant decrease from earlier months in Q1 2025, highlighting an unusual trend in ransomware activity.
The decline in ransomware incidents in April 2025 seems linked to RansomHub's reduced activity, leading to a rise in claims by the Qilin group.
Despite fewer attacks in April 2025, significant incidents plagued large organizations, including the UK retailer Marks & Spencer and the US healthcare provider DaVita.
Out of 479 recorded attacks in April 2025, the majority targeted businesses, yet healthcare and government sectors were also significantly impacted.
Collection
[
|
...
]