- Ransomware attacks reached a record high in February 2025, according to the report
- The CL0P group has been very active in the first quarter of 2025
- NordStellar statistics expose the growing ransomware threat
Ransomware attacks have increased 81% year over year, a new NordStellar investigation has claimed.
This increase can largely be attributed to the CL0P ransomware group, which has seen a resurgence, with the group claiming responsibility for 385 attacks in the first weeks of 2025 alone.
As a result, February 2025 saw the most ransomware attacks in history, with 980 known attacks in just 28 days, an average of 35 attacks per day.
A CL0P in the ocean
The CL0P group broke into the ransomware scene in around 2019, offering ransomware as a service (RaaS), where a cybercriminal group rents its ransomware to others to commit their own attacks, or sells access to an organization's network and systems so that others can attack and extort it.
The group's notoriety peaked after it successfully breached the MOVEit managed file transfer software, which saw more than 600 organizations have their confidential data stolen, affecting more than 40 million people.
So far in 2025, US organizations have accounted for 844 of the 2,040 victims, which Vakaris Noreika, a cybersecurity expert at NordStellar, attributes to the fact that US companies are often lucrative targets for ransomware groups thanks to their wealth and cyber insurance, as well as their highly interconnected networks, with each user, device and connection acting as a potential point of entry into an environment.
“The increase in ransomware attacks is unprecedented, which shows that the threat is more implacable than ever,” says Noreika.
“The spike is driven by a combination of factors: hackers exploiting zero-day vulnerabilities faster than ever, the rise of ransomware as a service (RaaS) lowering the barrier to entry, and organizations still struggling with unpatched systems and poor credential security.”
“The resurgence of CL0P could be closely connected to the past activities of the group, such as the exploitation of zero-day vulnerabilities in the Cleo file transfer software, which compromised hundreds of organizations worldwide,” says Noreika.
“This incident, like the similar MOVEit Transfer one in 2023, highlights the critical importance of rapidly addressing vulnerabilities in managed file transfer software to protect against sophisticated cyber threats.”
To mitigate the potential threat of a ransomware attack, NordStellar recommends that organizations implement multiple cybersecurity strategies, as well as keeping regular data backups that can be recovered in case of an attack.
Multifactor authentication can also help protect against unauthorized access and lateral movement, with dark web monitoring tools providing an early sign of compromised user credentials or stolen data.
Organizations can also provide cybersecurity training to employees and implement endpoint protection systems as a way to detect possible network intrusions.