Ransomware Attacks Rise 50% In 2025; Microsoft, Apple, Oracle Among Affected Tech Vendors: Cyble

There has been a significant escalation in cyber threats worldwide, with ransomware attacks up 50% year-over-year and data breaches reaching second-highest levels on record, a new cybersecurity report by Cyble Inc. shows.

The report noted that India-Pakistan tensions earlier this year generated 1.5 million intrusion attempts. Furthermore, vulnerabilities in enterprise technologies by Microsoft, Apple, Cisco, and Oracle were among the most frequently affected.

As per the report, Akira emerged as the second-most prolific ransomware group behind Qilin, conducting campaigns throughout 2025 with particular focus on construction, manufacturing, and professional services sectors. 

The CL0P hacker group spiked in late February, posting hundreds of victims in a single wave. The campaign predominantly targeted consumer goods, transportation & logistics, and IT sectors through exploitation of enterprise file transfer software.

Key ransomware statistics include:

• 5,967 total ransomware attacks in 2025 (50% increase year-over-year).

• Manufacturing sector most targeted.

• Construction, professional services, healthcare, and IT among top five targets.

• 31 incidents affected critical infrastructure.

Government and law enforcement agencies accounted for 998 data breaches (16.5% of total), followed by banking, financial services, and insurance with 634 incidents. Combined, these sectors represented over 25% of all breaches, reflecting the focus on high-value targets.

Analysis of 3,013 compromised access sales revealed targeting of data-rich industries:

• Retail sector most targeted (594 incidents, nearly 20% of total).

• BFSI second most impacted (284 incidents).

• Government third highest (175 incidents).

Critical vulnerabilities in widely-deployed enterprise technologies served as primary initial access vectors throughout 2025. Over 86% of CISA’s Known Exploited Vulnerabilities catalogue entries showed CVSS ratings of 7.0 or higher, with vendors including Microsoft, Fortinet, Apple, Cisco, and Oracle most frequently affected, according to the report.

Cyble documented over 40,000 data leak and dump posts from hacktivist groups, impacting more than 41,400 unique domains across all major industries. Activity was predominantly driven by geopolitical conflicts, particularly:

• India-Pakistan tensions generated 1.5 million intrusion attempts.

• Israel-Iran conflict sparked cyber operations by 74 hacktivist groups.

• North Korea's IT worker fraud schemes infiltrated global companies.

• DDoS attacks, website defacements, and data breaches targeted government and critical infrastructure.