Ransomware attacks by hackers hit a record high in the first quarter this year, according to a report from Virginina-based cybersecurity consulting firm GuidePoint Security.
That result included a historic high of 2,063 ransomware victims—a 102% increase compared to the previous year—and 70 active ransomware groups (up 55.5%), the firm said in its quarterly “GuidePoint Research and Intelligence Team (GRIT) Ransomware and Cyber Threat Report.”
The most heavily impacted industries were the manufacturing, retail, and technology sectors, while the non-profit sector saw a dramatic surge in ransomware attacks, with ransomware incidents doubling quarter-over-quarter. And 59% of observed ransomware victims in Q1 2025 were based in The United States, the highest proportion seen to date.
“This record-breaking quarter was no coincidence,” said Grayson North, Principal Security Consultant, GRIT. “We’re tracking more active ransomware and extortion groups than ever before, with a noticeable rise in high-volume attacks from emerging players formed out of disrupted gangs, like LockBit and AlphV. The pressing question now is whether this surge represents a residual short-term spike or the beginning of a dark year for ransomware victims.”
The report also explores the Lazarus ByBit hack, the continued exploitation of web application vulnerabilities, and global law enforcement efforts to dismantle the Ransomware-as-a-Service (RaaS) group 8Base.
“While historical trends suggest we could see a seasonal slowdown as we approach the summer, the threat landscape remains volatile,” North said. “A single large-scale exploit—like those we’ve seen from Clop—could once again shift the ecosystem’s trajectory. The conditions for another record-breaking year are firmly in place. It’s now up to the defenders to change that narrative.”
