- US businesses were prime targets for ransomware actors in Q1 2025
- Manufacturing, IT, and services, were particularly hit
- SMBs are a bigger target than enterprises
So far in 2025, US businesses were prime targets for ransomware attackers, taking up almost half of all incidents of that nature this year, according to a new report from threat exposure management platform NordStellar, whose researchers analyzed dark web data to compile the Q1 2025 statistics.
As per the report, there were 2,440 new ransomware cases made public on the dark web, up 84% compared to the same period in 2024 (1,325). Of that number, 990 (41%) were US businesses.
That makes the United States the most affected country globally by far, since second-placed Canada had “only” 105 cases. The UK is third with 74, followed by Germany (56), France (42), and India (42).
Monitor your credit score with TransUnion starting at $29.95/month
TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.
Preferred partner (What does this mean?)
Manufacturing, IT, professional services
According to NordStellar’s cybersecurity expert Vakaris Noreika, this is because the US has plenty of rich business targets: “A high concentration of wealthy businesses with cyber insurance that includes ransom coverage make the US a desirable target for hackers,” Noreika explained.
“The economy of the US is highly digitalized and most businesses depend on interconnected systems, cloud technologies, and remote work environments — all factors that create more opportunities for ransomware attacks to infiltrate.”
Ransomware criminals seem to be particularly interested in businesses in manufacturing, since this industry recorded 273 cases. IT was second with 172 cases, and professional services was third with 116. Surprisingly enough, these are mostly SMBs, not enterprises. Companies with a revenue of $10M-50M, employing 51-200 people, were most-hit in Q1.
Ransomware continues being one of the most destructive and disruptive cybercriminal operations out there. Every day the threat grows, as cybercriminals find new ways to deploy encryptors and abuse AI in their attacks:
“The soaring number of ransomware attacks is more than just a trend — it's an ever-growing threat for businesses worldwide,” Noreika said. “Ransomware groups are getting more sophisticated, exploiting zero-day vulnerabilities faster, and leveraging ransomware-as-a-service (RaaS) to expand their reach. Many organizations still struggle with unpatched systems and weak credential security, thus, becoming easy targets. No business, regardless of size, is immune.”
You might also like
- The growing threat of ransomware for SMBs
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers