- American companies were the main targets for ransomware actors in the first quarter of 2025
- Manufacturing, IT and services were particularly affected, says Nordstellar
- SMEs are a bigger target than larger companies, the report warns
American companies have been the main targets for ransomware attackers in 2025 so far, accounting for almost half of all incidents of that nature this year.
A new Nordstellar report, which analyzed dark web data, found 2,440 new ransomware cases made public on the dark web, up 84% compared to the same period in 2024 (1,325). Of that number, 990 (41%) were US businesses.
That makes the United States the most affected country worldwide, since second-placed Canada had “only” 105 cases. The United Kingdom is third with 74, followed by Germany (56), France (42) and India (42).
Manufacturing, IT, professional services
According to Nordstellar cybersecurity expert Vakaris Noreika, this is because the United States has many wealthy commercial targets.
“A high concentration of rich businesses with cyber insurance that includes rescue coverage makes the US a desirable objective for computer pirates,” Noreika explained.
“The US economy is highly digitized and most companies depend on interconnected systems, cloud technologies and remote work environments, all factors that create more opportunities for ransomware attacks to infiltrate.”
Ransomware criminals seem to be particularly interested in manufacturing companies, since this industry registered 273 cases. IT was second with 172 cases, and professional services were third with 116.
Surprisingly, these are mostly SMEs, not larger companies. Companies with revenue of $10M-$50M, which employ 51-200 people, were the most affected in the first quarter.
Ransomware continues to be one of the most destructive and disruptive cybercriminal operations that exist. Every day, the threat grows, as cybercriminals find new ways of deploying encryptors and abusing AI in their attacks.
“The number of ransomware attacks is more than a trend: it is a growing threat to companies around the world,” said Noreika.
“Ransomware groups are becoming more sophisticated, exploiting zero-day vulnerabilities faster and taking advantage of ransomware-as-a-service (RaaS) to expand their scope. Many organizations still fight with unused systems and the safety of weak credentials, so they become easy targets. No business, however, is immune.”