Recent Ransomware Attacks

Organizations worldwide impacted by ransomware

Your organization operates in an ever-expanding cyber-threat landscape where a single incident can have devastating consequences on your operational continuity, financial stability, and market position. In this challenging landscape, ransomware is one of the most critical threats facing your business.

2024 was a particularly “successful” year for ransomware attackers, with a recent report from cybersecurity company CyberArk revealing that nearly 90% of organizations were targeted, compared to 89% in 2023. The financial fallout of such incidents can be devastating, with some experts predicting that damage costs could exceed $265 billion by 2031.

All in all, ransomware can have potentially catastrophic and financially ruinous consequences for your organization in 2025.

View Most Recent Ransomware Attacks

Recent Ransomware attacks in 2025

Some of the most impactful ransomware attacks in 2025 so far are:

AWS: A new ransomware threat called Codefinger targets users of AWS S3 buckets and makes recovery without payment impossible.
Delta County Memorial Hospital District and River Region Cardiology: Attacks on the healthcare sector continue in 2025 with a recent ransomware attack that affected 500,000 individuals and exposed full names, dates of birth, and social security numbers.
American Standard: This major manufacturer was hacked by RansomHub showing that ransomware-as-a-service continues to be a trend in 2025 and makes it easy for cybercriminals to launch attacks.

Recent Ransomware attacks in 2024

Some of the most impactful ransomware attacks in 2024 were:

Change Healthcare: It led to the compromise of the protected health information of 100 million individuals and is expected to cost the company $2.457 billion, making it the largest ever healthcare breach reported in the US.
Starbucks: A ransomware attack on supply chain management software provider Blue Yonder affected the scheduling and payroll capabilities of 11,000 Starbucks stores across the USA.
AT&T: A breach of its Snowflake cloud environment forced the company to (reportedly) pay a $370K ransom in exchange for the deletion of the call records of 100+ million users.
Deloitte UK: A ransomware group claimed to have obtained over 1TB of data belonging to the company, raising concerns about the security preparedness of major consulting firms.
CDK Global: An attack affected 10K+ US car dealerships using its software, leading to collective losses of $1 billion.

Not convinced?

Check out our comprehensive and real-time ransomware tracker!

This tracker contains useful information about ransomware-related attacks going back to 2014. Plus, it’s updated weekly so you will get all the latest information right here.

Download it for free – and take the first step towards protecting your organization from this insidious threat.

Ransomware Tracker (2014 – 2025)

Download PDF Report

wdt_ID	wdt_created_by	wdt_created_at	wdt_last_edited_by	wdt_last_edited_at	Name	State or Country	Date	Type	URL
1	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Ryan Harvie McEnery	Australia	June 2025	Accounting	https://www.cyberdaily.au/security/12208-exclusive-blacklock-ransomware-gang-claims-hack-of-aussie-accounting-firm?highlight=WyJyYW5zb213YXJlIl0=
2	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Solar City Tyres	Australia	June 2025	Manufacturing	https://www.cyberdaily.au/security/12205-exclusive-solar-city-tyres-allegedly-breached-by-blacklock-ransomware?highlight=WyJyYW5zb213YXJlIl0=
3	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Kel Campbell Fuel Haulage	Australia	June 2025	Petroleum	https://www.cyberdaily.au/security/12200-exclusive-nsw-petroleum-distributor-allegedly-breached-by-world-leaks-hacking-group?highlight=WyJyYW5zb213YXJlIl0=
4	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	RISE Racing	Australia	June 2025	Technologies	https://www.cyberdaily.au/security/12195-rise-racing-confirms-sarcoma-ransomware-attack?highlight=WyJyYW5zb213YXJlIl0=
5	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	The North Face	California	June 2025	Retail	https://therecord.media/north-face-customer-accounts-data-breach-notification
6	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Volkswagen	Germany	June 2025	Manufacturing	https://www.cyberdaily.au/security/12183-stormous-ransomware-claims-cyber-attack-on-volkswagen?highlight=WyJyYW5zb213YXJlIl0=
7	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Central Maine Healthcare	Maine	June 2025	Healthcare	https://www.hipaajournal.com/central-maine-healthcare-cyberattack/
8	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	Ville de Durant	Oklahoma	June 2025	Farming	https://www.kxii.com/2025/06/02/durant-targeted-by-ransomware-attack-some-services-impacted/
9	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	3P Corporation	Australia	May 2025	Finance	https://www.cyberdaily.au/security/12172-exclusive-melbourne-based-3p-corporation-breached-by-space-bears-ransomware?highlight=WyJyYW5zb213YXJlIl0=
10	ipuzic	July 2025 02:29 AM	ipuzic	July 2025 02:29 AM	3P Corporation	Australia	May 2025	Finances	https://www.cyberdaily.au/security/12172-exclusive-melbourne-based-3p-corporation-breached-by-space-bears-ransomware?highlight=WyJyYW5zb213YXJlIl0=

Ransomware Basics

Ransomware is one of the most common and fastest-evolving cyberthreats to organizations. CISA defines it as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable”. To recover these locked files, you need a digital key (decryptor) that the attacker promises to provide – but only if you cough up the ransom. Unfortunately, not all attackers keep their promises: in 2024, 84% of victims paid ransoms but only 47% got their data back uncorrupted.

Early “lockerware” variants of ransomware locked victims out of their machines. These evolved into variations that encrypted victims’ files and displayed a ransom note on the locked device. From such indiscriminate, “spray and pray” tactics, ransomware attacks have evolved into highly sophisticated campaigns designed to yield high payouts and often targeting specific industries or organizations, such as government entities, critical infrastructure providers, private sector firms, and educational institutions.

Many attackers have also adopted “double-extortion” techniques in which they not only encrypt data, but also threaten to sell, leak, or publish the exfiltrated data if the victim doesn’t pay up. The growth of “ransomware-as-a-Service” (RaaS) makes it even easier for adversaries to distribute devastating ransomware strains and execute large-scale attacks at will.

Did you know?

In 2024, 16.3% of organizations that were hit by ransomware were forced to pay ransoms to recover their data (up from 6.9% in 2023).
Ransomware payments skyrocketed to record highs, with total payments of $459.8 million.
The average ransom demand per attack exceeded $5.2 million in just H1 2024.
The average attack cost was $4.91 million, making ransomware the third-costliest cyberattack of 2024.
46% of security professionals estimate that their organizations suffered losses of $1-10 million in terms of ransom fees, lost revenues, and brand damage.
78% of organizations attacked in 2023 were breached again in 2024; 63% of these were asked to pay even higher ransoms the second time.
In 2024, 56% of attacked organizations didn’t detect a ransomware breach for 3-12 months, indicating a low level of awareness and preparedness to this threat.
Also, only 22% of attacked organizations recovered from an attack within a week, indicating a worrying increase in recovery times.
Organizations with good cybersecurity hygiene have a 35X lower frequency of experiencing destructive ransomware events, which shows that hygiene plays an important role in reducing the impact of ransomware attacks.

Ransomware Threats and Incidents Continue in 2025

Ransomware remains a common, global cyberthreat in 2025, with thousands of organizations hit, particularly in the healthcare, education, local government , and critical infrastructure sectors. That said, organizations in every industry are vulnerable to this growing threat so it’s crucial for them to take measures to prevent attacks and protect their assets and data. One important measure is to implement a reliable ransomware detection and response solution like SpinRDR. Check out this guide to learn how you can choose the right solution for your organization!