Connect with us

Technology

Black Kite Releases 2025 Ransomware Report, Revealing 123% Increase in Ransomware Attacks Over Two Years

Published

12 months ago

on

New research finds dozens of new bad actors and growing unpredictability of attacks

BOSTON, May 13, 2025 /PRNewswire/ — Black Kite, the leader in third-party cyber risk intelligence, today announced its newest report, 2025 Ransomware Report: How Ransomware Wars Threaten Third-Party Cyber Ecosystems, which provides a deep analysis into evolving ransomware trends and threats. The report found that threats have escalated with more actors, less predictability, and deeper entanglement in supply chains, underscoring an urgent need for organizations to implement intelligence-driven defenses and proactive vendor monitoring.

“Ransomware has evolved, not in sophistication but in strategy,” said Ferhat Dikbiyik, Black Kite. “Since the fall of LockBit and AlphaV ransomware syndicates, the cybercriminal landscape has been defined by chaos and recalibration, with dozens of new actors that are unpredictable in how, where, and why. We are entering a new era of ransomware where the growth in victim count signals more than just an activity surge. There is a deeper shift in how ransomware groups operate and who they target, with small and mid-sized businesses becoming the new frontline. As the barriers are now lowered with less sophisticated but effective actors entering the field, organizations need to understand their cyber ecosystem risk by shifting their cybersecurity posture from visibility to anticipation and response to resilience.”

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. As uncovered by Black Kite’s Research & Intelligence Team (BRITE), the number of publicly disclosed victims saw a 25% increase from the previous year. This follows a steep rise in the previous period with an 81% surge, amounting to a 123% increase over two years. The year also saw a noticeable uptick in attacks against small and mid-sized businesses (SMBs) due to their less robust cybersecurity defenses and lower risks of retaliation, and a rise in supply chain warfare with attackers focused on third-party vendors where just one compromised provider can disrupt dozens to hundreds of downstream organizations. These incidents, often called silent breaches, can go unnoticed until their ripple effects halt operations across industries.

Leveraging data and machine learning, Black Kite’s Ransomware Susceptibility Index® (RSI™) proved to be a critical signal. A numerical score between 0.0 and 1.0, with a higher score representing greater susceptibility to a ransomware attack, RSI goes beyond cyber risk metrics and provides a composite score that incorporates technical indicators and intrinsic risk factors. In fact, for those with RSI above 0.8, nearly half (46%) were attacked, and most organizations showed rising RSI trends well before a breach.

The report’s key findings include:

Publicly disclosed ransomware victims climbed to 6,046, a 24% increase year over year, and more than doubled since 202352 entirely new groups emerged in the last year, resulting in 96 active ransomware groupsUnder-resourced, understaffed, and underprepared, SMBs ($4M$8M) were the most frequently targetedRansomware was responsible for 67% of known third-party breaches46% of organizations with RSI greater than 0.8 experienced ransomware attacksWith smaller, less sophisticated operators that often lack the infrastructure to run complex extortion operations, ransom payment values declined by 35%, but the overall impact has widened

Ransomware is no longer dominated by large syndicates. Today’s organizations must contend against smaller groups that have less experience but the same intent – disrupt, extort, and repeat. While the tactics lack the sophistication of their predecessors and the targets are smaller, the volume and unpredictability of this new era of ransomware presents a new set of challenges. Organizations must also defend against AI-driven ransomware that enables attackers to bypass existing security systems and could evade detection, like analyzing EDR logs or monitoring incident response communications to adjust ransom demands.

Access the full report here.

Methodology
The findings in this report are the result of a comprehensive year-long investigation conducted by the Black Kite Research & Intelligence Team (BRITE), covering the period between April 1, 2024 and March 31, 2025. The methodology combines continuous monitoring of ransomware operations with detailed victim analysis and dark web intelligence gathering:

BRITE monitored activity from over 150 ransomware groups, tracking their leak sites, extortion posts, and public disclosures. A group was considered “active” if it published at least one victim within the last 12 months. By March 2025, 96 groups met this threshold.A total of 6,046 victims were identified through leak site monitoring, cross-validated with open-source intelligence and internal telemetry. For each victim, BRITE analysts determined industry classification using NAICS codes, headquarters location by country, and estimated company size based on publicly available financials or trusted databases. BRITE also leveraged the Black Kite platform to assess each victim’s cybersecurity posture before and after the incident, helping to identify patterns in susceptibility and exposure.To complement leak site tracking, BRITE actively monitored ransomware blogs, Telegram channels, and dark web forums to identify group narratives, affiliate activity, and coordination patterns. This enabled the team to detect new groups quickly and contextualize victim disclosures beyond surface-level postings.

About Black Kite
Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at www.blackkite.com, or on the Black Kite blog.

Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
kearney@hi-touchpr.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/black-kite-releases-2025-ransomware-report-revealing-123-increase-in-ransomware-attacks-over-two-years-302452421.html

SOURCE Black Kite

Related Topics:
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

Florida Physician Specialists Data Breach: Edelson Lechtzin LLP Launches Investigation into Exposure of Personal Information

Published

2 hours ago

on

May 3, 2026

By

National class action firm offering free case evaluations to individuals impacted by the Florida Physician Specialists cybersecurity incident

JACKSONVILLE, Fla., May 3, 2026 /PRNewswire/ — Edelson Lechtzin LLP, a national class action law firm, is investigating data privacy claims arising from the Florida Physician Specialists data breach. Florida Physician Specialists learned of the cybersecurity incident between November 27 and 29, 2025.

What Happened

Florida Physician Specialists discovered that its network was hacked between November 27 and 29, 2025. An investigation launched in late November 2025 confirmed that an unauthorized third party accessed its network. The review of the exposed data was completed on April 6, 2026.

Information Exposed

Affected personal data includes full names and one or more of the following: Social Security numbers, driver’s license numbers or state identification numbers, other government identification numbers, financial account information, credit or debit card information, medical information, and/or health insurance policy information.

Who May Be Impacted

Individuals who received a data breach notification from Florida Physician Specialists may face an increased risk of identity theft and fraud.

Your Legal Options

Edelson Lechtzin LLP is investigating a potential class action to pursue legal remedies on behalf of individuals whose sensitive personal data may have been compromised in the Florida Physician Specialists breach. The firm will evaluate your rights and potential claims at no cost.

Recommended Protective Steps

Review account statements and credit reports regularly and remain vigilant for suspicious activity. Confirm whether your information was involved in the Florida Physician Specialists incident and preserve any letters or emails you received about the breach. Consider placing fraud alerts and credit monitoring.

Contact Us for a Free Case Evaluation

Speak confidentially with a data privacy attorney today: Marc Edelson, Esq., Edelson Lechtzin LLP, 411 S. State Street, Suite N-300, Newtown, PA 18940; Phone: 844-696-7492 ext. 2; Email: medelson@edelson-law.com; Web: www.edelson-law.com. Or click HERE to request a free consultation.

About Florida Physician Specialists

Based in Jacksonville, Florida, Florida Physician Specialists is a multi-specialty private physician practice serving patients in Northeast Florida.

About Edelson Lechtzin LLP

Edelson Lechtzin LLP is a national class action law firm with offices in Pennsylvania and California. In addition to data breach litigation, the firm handles class and collective actions involving securities and investment fraud, federal antitrust violations, ERISA employee benefit plans, wage theft, and consumer fraud

Media and Partnership Inquiries: Use the contact information above to connect with our team regarding interviews, co-counsel opportunities, and referral partnerships.

Legal Notice: This press release may be considered Attorney Advertising in some jurisdictions.

View original content to download multimedia:https://www.prnewswire.com/news-releases/florida-physician-specialists-data-breach-edelson-lechtzin-llp-launches-investigation-into-exposure-of-personal-information-302760742.html

SOURCE Edelson Lechtzin LLP

Continue Reading

Technology

Sandhills Medical Foundation, Inc., d/b/a Sandhills Medical Data Breach: Edelson Lechtzin LLP Launches Investigation into Exposure of Personal Information

Published

2 hours ago

on

May 3, 2026

By

National class action firm offering free case evaluations to individuals impacted by the Sandhills Medical cybersecurity incident

MCBEE, S.C., May 3, 2026 /PRNewswire/ — Edelson Lechtzin LLP, a national class action law firm, is investigating data privacy claims arising from the Sandhills Medical data breach. Sandhills Medical learned of the cybersecurity incident between November 27 and 29, 2025.

What Happened

On May 8, 2025, Sandhills Medical discovered it had been the victim of a ransomware attack. Sandhills Medical began an investigation with the help of cybersecurity experts and a forensic firm. That investigation determined an unauthorized third party accessed Sandhills Medical’s server directly and obtained personal information for select patients.

Information Exposed

Affected personal data includes names, personal health information, and birth dates. This data breach has affected an estimated 169,017 people.

Who May Be Impacted

Individuals who received a data breach notification from Sandhills Medical may face an increased risk of identity theft and fraud.

Your Legal Options

Edelson Lechtzin LLP is investigating a potential class action to pursue legal remedies on behalf of individuals whose sensitive personal data may have been compromised in the Sandhills Medical breach. The firm will evaluate your rights and potential claims at no cost.

Recommended Protective Steps

Review account statements and credit reports regularly and remain vigilant for suspicious activity. Confirm whether your information was involved in the Sandhills Medical incident and preserve any letters or emails you received about the breach. Consider placing fraud alerts and credit monitoring.

Contact Us for a Free Case Evaluation

Speak confidentially with a data privacy attorney today: Marc Edelson, Esq., Edelson Lechtzin LLP, 411 S. State Street, Suite N-300, Newtown, PA 18940; Phone: 844-696-7492 ext. 2; Email: medelson@edelson-law.com; Web: www.edelson-law.com. Or click HERE to request a free consultation.

About Sandhills Medical

Based in McBee, South Carolina, Sandhills Medical operates as a Federally Qualified Community Health Center (FQHC) that provides community-based primary health care services.

About Edelson Lechtzin LLP

Edelson Lechtzin LLP is a national class action law firm with offices in Pennsylvania and California. In addition to data breach litigation, the firm handles class and collective actions involving securities and investment fraud, federal antitrust violations, ERISA employee benefit plans, wage theft, and consumer fraud

Media and Partnership Inquiries: Use the contact information above to connect with our team regarding interviews, co-counsel opportunities, and referral partnerships.

Legal Notice: This press release may be considered Attorney Advertising in some jurisdictions.

View original content to download multimedia:https://www.prnewswire.com/news-releases/sandhills-medical-foundation-inc-dba-sandhills-medical-data-breach-edelson-lechtzin-llp-launches-investigation-into-exposure-of-personal-information-302760743.html

SOURCE Edelson Lechtzin LLP

Continue Reading

Technology

Danish Publisher Automates Digital Textbook Delivery with Integrated WooCommerce-Webdoxx Solution

Published

7 hours ago

on

May 3, 2026

By

Danish educational publisher eliminates manual processing errors and delivers instant access to more than 20 digital learning products

LONDON, May 3, 2026 /PRNewswire-PRWeb/ — Forlaget 94, a Danish educational publisher serving commercial colleges and vocational schools since 1994, has transformed its digital textbook distribution by implementing a fully automated WooCommerce-Webdoxx solution.

“Using the Webdoxx-WooCommerce integration we have achieved full automation of order processing, fewer errors, and happier customers,” Tom Gertsen, IT Manager at Forlaget 94

Previously, Forlaget 94 relied on manual processes to distribute digital textbooks to customers. As demand for online educational materials grew, the publisher required a faster, more reliable way to manage orders, provision access, and reduce the risk of administrative errors.

Through its integration of WooCommerce with Webdoxx, Forlaget 94 now runs more than 20 educational products through a 100% automated workflow. The solution automatically processes customer orders and provides instant access to purchased digital textbooks, improving the experience for both customers and internal teams.

“The result is full automation of order processing, fewer errors, and happier customers,” said Tom Gertsen, IT Manager at Forlaget 94 and architect behind the WooCommerce-Webdoxx integration. The automated system has enabled Forlaget 94 to eliminate manual errors, accelerate customer processing, and increase customer satisfaction through immediate access provisioning. The implementation demonstrates how educational publishers can modernize digital content delivery while maintaining secure, managed access to learning materials.

Webdoxx, a service created and managed by Drumlin Security Ltd, provides online DRM and managed document delivery services for publishers, educational organizations, institutions, and commercial content providers.

About Forlaget 94

Forlaget 94 is a Danish educational publisher established in 1994, providing educational products for commercial colleges and vocational schools.

About Webdoxx

Webdoxx is an online DRM and managed document delivery service created and managed by Drumlin Security Ltd. The platform supports secure access to digital publications and documents across a range of sectors, including education, healthcare, government, finance, and publishing.

Media Contact

Mike de Smith, Drumlin Security Ltd, 44 7768404712, info@drumlinsecurity.com, https://www.drumlinsecurity.com/

View original content to download multimedia:https://www.prweb.com/releases/danish-publisher-automates-digital-textbook-delivery-with-integrated-woocommerce-webdoxx-solution-302759942.html

SOURCE Forlaget 94

Continue Reading

Trending