- Ransomware attacks have reached their highest
- The CL0P group was very active in the first quarter of 2025
- NordStellar statistics show the growing threat of ransomware
Ransomware attacks increased by 81% year over year, according to new research from NordStellar.
This increase can largely be attributed to the CL0P ransomware group, which has seen something of a resurgence: the group claimed responsibility for 385 attacks in the first weeks of 2025 alone.
Consequently, February 2025 saw the most ransomware attacks in history, with 980 known attacks occurring in just 28 days – an average of 35 attacks per day.
A CL0P in the ocean
The CL0P group broke into the ransomware scene around 2019, offering ransomware as a service (RaaS), in which a cybercriminal group rents its ransomware to others so they can commit their own attacks, or sells access to an organization's network and systems so that others can encrypt and extort.
The group's notoriety peaked after it successfully breached the MOVEit managed file transfer software, which saw more than 600 organizations have their sensitive data stolen, affecting more than 40 million people.
So far in 2025, American organizations have represented 844 of the 2,040 victims, which Vakaris Noreika, a cybersecurity expert at NordStellar, attributes to the fact that American companies are often lucrative targets for ransomware thanks to their wealth and their cyber insurance, as well as their highly interconnected environments, with each user, device and connection a potential entry point for an attacker.
“The increase in ransomware attacks is unprecedented, which proves that the threat is more relentless than ever,” says Noreika.
“The peak is motivated by a combination of factors – pirates exploiting zero-day vulnerabilities faster than ever, the rise of ransomware as a service (RaaS) lowering the barrier to entry, and organizations with unrelated systems and poor security of identification information.”
“The re-emergence of CL0P could be closely linked to the group’s past activities, such as the exploitation of zero-day vulnerabilities in key file transfer software, compromising hundreds of organizations around the world,” explains Noreika.
“This incident, like a similar MOVEit Transfer incident in 2023, highlights the critical importance of quickly addressing vulnerabilities in managed file transfer solutions to protect against sophisticated cyber threats.”
To mitigate the threat of a ransomware attack, NordStellar recommends that organizations deploy multilayered cybersecurity strategies and keep regular data backups that can be recovered in the event of an attack.
Multi-factor authentication can also help protect against unauthorized access and lateral movement, while dark web monitoring tools provide an early sign that user credentials have been compromised or data has been stolen.
Organizations can also provide cybersecurity training to employees and deploy endpoint protection systems to detect potential network intrusions.