Key Findings The number of publicly-mentioned and extorted victims in Q1 reached the highest ever number, with a 126% increase year-over-year. Cl0p returned to prominence as the most prolific ransomware actor in Q1 2025, exploiting new zero-day vulnerabilities in Cleo-managed file transfer products Harmony, VLTrader, and LexiCom. 83% of Cl0p’s victims were in North America. 33% of Cl0p’s victims were from the consumer goods & services sector. Ransomware groups like Babuk-Bjorka and FunkSec now routinely fabricate or recycle victim claims, with dozens of questionable entries published. What began as a marginal tactic of Lockbit after its takedown has become widespread, […]
The post The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases appeared first on Check Point Blog.