International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Ransomware Attacks Spike Despite Gang Closure

New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged.

by The Gurus
July 4, 2025
in Featured, Features
female hacker with headphones on holding laptop
Share on FacebookShare on Twitter

New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunter international and Lockbit, have closed their doors in recent times.

Head of data research at Comparitech, Rebecca Moody said “We didn’t need any reminders of how stark the ransomware landscape is, but the fact that we’re seeing a 50 percent year-on-year increase in the number of attacks (when comparing H1 of 2024 to H1 of 2025) only serves to emphasise how companies, large and small, need to do everything they can to lower their risks of suffering from one of these attacks.”

She then went on to say, “While ransomware gangs continue to emerge, evolve, regroup and change tactics, the basics around mitigating these risks remain the same. Keep software up to date, patch vulnerabilities as soon as they’re flagged, carry out regular system backups, have a plan in place if the worst should happen and ensure staff are regularly trained.” 

Similar sentiments were also expressed by Forescout’s head of research Daniel Dos Santos, who added “The ransomware numbers in 2025H1 continue to show a growing threat landscape and the impact of cybercrime on businesses and people’s lives. More important than individual attacks or even raw numbers are some of the trends we observe, such as evolving techniques for ransomware delivery – especially with the use of EDR bypass, ClickFix attacks and even launching encryptors from IP cameras – and a growing number of individuals impacted by data breaches as gangs focus on data exfiltration instead of encryption.” 

Dos Santos continued: “These trends show that cybercriminals continue to find new ways to deliver and profit from malware even when facing increased attention from law enforcement. Organisations need to pay attention to these innovations and ensure they have the right level of visibility and threat detection for every device in their network to avoid becoming the next victim.”

The research also showed other specific industries that were more heavily impacted by attacks. These include  technology (88% increase), retail (85%), legal (71%), transportation (66%), and manufacturing (64%).  However, Utilities was the only industry to see a decline by -31%.

Across the 445 confirmed attacks, more than 17 million records were breached which highlights the scale of impact these attacks have on organisations and consumers.

Despite the increase in attacks, the industry is seeing the closure of a lot of notable ransomware groups, including Hunters international. This week the  Hunters International ransomware group claimed it would be shutting down – voluntarily! The group also announced it would be providing free decryption software to previous victims, although it is unclear how many of the cybercriminals’ targets were actual victims of encryption attacks.

The group was behind many high profile attacks including Tata Technologies (in January 2025), Fred Hutchinson Cancer Center (Nov 19, 2023) and Industrial and Commercial Bank of China (ICBC) (in September 2024).

Dray Agha, senior manager of security operations at Huntress, commented on the closure by saying: “While Hunters International frames their shutdown as a ‘gesture of goodwill,’ this is likely a strategic rebrand – not repentance – as they have morphed into the group ‘World Leaks’, an extortion-only operation. Ransomware groups are pivoting to ‘steal-only’ extortion for lower risk and faster payouts, and defences must evolve beyond reliance on backups. Proactive measures like 24/7 detection and response, identity protection, and security awareness training are essential to disrupt attacks before data exfiltration can take place.”

Another example of a ransomware group closing down in recent years, however this time by force, is Lockbit. The infamous ransomware gang was taken down in an international operation in 2024.

ShareTweet
Previous Post

Psychological Contract Breach and the Power of Security Culture – Research Insights

Next Post

How to Secure Your Promo Codes Against Cyber Exploits

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol