- US businesses were prime targets for ransomware actors in Q1 2025
- Manufacturing, IT, and services, were particularly hit, says NordStellar
- SMBs are a bigger target than enterprises, report warns
US businesses have been prime targets for ransomware attackers in 2025 so far, making up almost half of all incidents of that nature this year.
A new report from NordStellar, which analyzed dark web data, found there were 2,440 new ransomware cases made public on the dark web, up 84% compared to the same period in 2024 (1,325). Of that number, 990 (41%) were US businesses.
That makes the United States the most affected country globally by far, since second-placed Canada had “only” 105 cases. The UK is third with 74, followed by Germany (56), France (42), and India (42).
Manufacturing, IT, professional services
NordStellar’s cybersecurity expert Vakaris Noreika, this is because the US has plenty of rich business targets.
“A high concentration of wealthy businesses with cyber insurance that includes ransom coverage make the US a desirable target for hackers,” Noreika explained.
“The economy of the US is highly digitalized and most businesses depend on interconnected systems, cloud technologies, and remote work environments — all factors that create more opportunities for ransomware attacks to infiltrate.”
Ransomware criminals seem to be particularly interested in businesses in manufacturing, since this industry recorded 273 cases. IT was second with 172 cases, and professional services was third with 116.
Surprisingly enough, these are mostly SMBs, not enterprises. Companies with a revenue of $10M-50M, employing 51-200 people, were most-hit in Q1.
Ransomware continues being one of the most destructive and disruptive cybercriminal operations out there. Every day the threat grows, as cybercriminals find new ways to deploy encryptors and abuse AI in their attacks.
“The soaring number of ransomware attacks is more than just a trend — it's an ever-growing threat for businesses worldwide,” Noreika said.
“Ransomware groups are getting more sophisticated, exploiting zero-day vulnerabilities faster, and leveraging ransomware-as-a-service (RaaS) to expand their reach. Many organizations still struggle with unpatched systems and weak credential security, thus, becoming easy targets. No business, regardless of size, is immune.”
You might also like
- The growing threat of ransomware for SMBs
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
