In a recent report published by the cybersecurity incident response and managed services provider NCC Group, it was revealed that the month of January saw a significant increase in ransomware attacks, marking the highest number recorded since 2021. This alarming trend was detailed in NCC Group’s “Cyber Threat Intelligence Review of January 2025,” which also highlighted other concerning developments in the ransomware landscape.
The report pointed out that not only did January break previous records for ransomware activity observed throughout 2024 and 2025, but it also indicated a potential rise in AI adoption among threat actors. Additionally, researchers at NCC Group tracked the resurgence of the notorious Clop ransomware gang, adding to the growing concerns surrounding cyber threats.
According to the findings, a total of 590 ransomware attacks were reported in January, with the Akira ransomware gang ranking as the most active threat actor group for the month. The surge in ransomware activity was attributed to both the increased activity from Akira and the resurgence of the Clop gang, which has a history of exploiting zero-day vulnerabilities in file transfer software products to target multiple victim organizations simultaneously.
While Clop had been relatively quiet over the past year, NCC Group noted that it emerged as the third most active threat actor group in January, underscoring the persistent threat posed by ransomware groups. Furthermore, the report highlighted the emergence of the FunkSec ransomware group, which was described as the “most prolific threat actor in December” and raised concerns due to its potential use of AI in developing malware.
The implications of ransomware attacks were particularly pronounced in the industrial sector, which accounted for 25% of ransomware attacks in January. This finding aligns with a recent report published by Dragos, which warned of an 87% increase in ransomware attacks against industrial organizations between 2023 and 2024.
Overall, the increase in ransomware activity and the evolving tactics used by threat actors pose a significant challenge for organizations looking to protect their data and systems. NCC Group urged organizations to take proactive measures to mitigate the risks associated with ransomware attacks and to stay vigilant in the face of emerging threats.
Informa TechTarget reached out to NCC Group for additional comments on the report, but the company was unavailable for response at the time of publication.
Arielle Waldman, a news writer for Informa TechTarget covering enterprise security, provided insights into the concerning trends outlined in NCC Group’s report. As ransomware attacks continue to pose a significant threat to organizations across various sectors, the need for robust cybersecurity measures has never been more critical.