- American companies were main targets for ransomware players in T1 2025
- Manufacturing, IT and services were particularly affected, explains Nordstellar
- SMEs are a larger target than businesses, warns the report
So far, American companies have been main for Ransomware attackers in 2025, representing almost half of all the incidents of this nature this year.
A new NordStellar report, which analyzed Dark web data, revealed that there were 2,440 new cases of ransomware made public on the Dark Web, up 84% compared to the same period in 2024 (1,325). Of this number, 990 (41%) were American companies.
This makes the United States the most affected country in the world by far, because Canada placed in the second row had “only” 105 cases. The United Kingdom is third with 74, followed by Germany (56), France (42) and India (42).
Manufacturing, IT, professional services
Nordstellar Vakaris Noreika Cyberstellar Expert is because the United States has many rich commercial objectives.
“A high concentration of rich companies with cyber-assurance which includes ransom coverage makes the United States a desirable target for pirates,” said Noreika.
“The United States’s economy is strongly digitized and most companies depend on interconnected systems, cloud technologies and remote work environments – all factors that create more opportunities for ransomware attacks to infiltrate.
Ransomware criminals seem particularly interested in companies in manufacturing, because this industry has recorded 273 cases. He was second with 172 cases, and professional services finished third with 116.
Surprisingly, they are mainly SMEs, not companies. Companies with turnover of $ 10 million, employing 51 to 200 people, were the most affected in the first quarter.
Ransomware continues to be one of the most destructive and most disturbing cybercriminal operations. Each day, the threat develops because cybercriminals find new ways to deploy figures and abuse AI in their attacks.
“The arrow number of ransomware attacks is more than a simple trend – it is an ever -increasing threat to businesses around the world,” said Noreika.
“Ransomware groups become more sophisticated, exploiting zero day vulnerabilities faster and taking advantage of ransomware as a service (RAAS) to extend their scope. Many organizations are still fighting with unlike systems and low security of identification information, thus becoming easy objectives. No company, whatever its size, is immune. ”
