In a shocking turn of events, February 2025 marked a dark milestone in the world of cybersecurity as ransomware attacks surged by a staggering 126%. Bitdefender’s latest Threat Debrief report unveiled this alarming trend, revealing the grim reality of cyber threats in the modern digital landscape.
The report highlighted that, despite efforts by a United States-led alliance involving 40 countries to combat ransomware gangs and dismantle their infrastructure, the number of victims had skyrocketed from 425 in February 2024 to a harrowing 962 in February 2025. This substantial increase in attacks came as a surprise, considering the global initiatives in place to thwart such malicious activities.
Leading the charge in this onslaught was the notorious Cl0p ransomware group, responsible for over a third of the attacks and claiming 335 victims in just one month. The group’s modus operandi included exploiting vulnerabilities in edge network devices, such as file transfer systems and remote access tools, to launch automated attacks on unsuspecting targets.
One of the vulnerabilities frequently exploited by the Cl0p gang was in MOVEit, a managed file transfer software, which they used to steal copious amounts of data from their victims. Although patches were available for these vulnerabilities, many organizations failed to update their systems in time, leaving them open to exploitation and contributing to the surge in victims observed in February 2025.
Furthermore, the rise of new tactics and tools in the ransomware landscape was also evident in February 2025. FunkSec, a burgeoning ransomware group, introduced Wolfer, an infostealer designed to extract sensitive information from compromised machines. This development raised concerns about the potential repercussions of cybercriminals gaining access to critical data through such tools.
In parallel, the Black Basta ransomware gang faced scrutiny when their internal chats were leaked, revealing insights into their operations, profits, and use of advanced technologies like deepfakes. The group’s emphasis on evading detection by leveraging built-in system tools highlighted the sophistication and adaptability of modern ransomware operations.
Meanwhile, Ghost (Cring), a China-based ransomware operation, was flagged in a joint advisory by CISA for exploiting unpatched vulnerabilities to target organizations. Recommendations for mitigating such threats included patching software, segmenting networks, and keeping regular data backups to prevent data loss and extortion.
The Akira ransomware gang took a novel approach by targeting a victim’s webcam to bypass security measures and covertly encrypt files across the network. This innovative tactic underscored the ever-evolving nature of cyber threats and the need for robust cybersecurity measures to safeguard against such attacks.
Amidst the turmoil caused by ransomware gangs, the top 10 companies most targeted by these malicious actors were primarily based in developed nations like the USA, Canada, the UK, and Germany. These countries’ reliance on interconnected edge devices, cloud infrastructure, and critical business data made them prime targets for ransomware gangs seeking to exploit vulnerabilities for financial gain.
For those seeking to gain a comprehensive understanding of the evolving ransomware landscape and effective defense strategies, Bitdefender has published a detailed whitepaper outlining current attack methods and mitigation measures. This resource serves as a valuable tool in the ongoing battle against ransomware threats and reinforces the importance of proactive cybersecurity practices in the face of escalating cyber risks.