SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
February 2025 reports record spike in ransomware attacks

Today

A new report from Bitdefender finds that February 2025 was the worst month on record for ransomware, measured by the total number of claimed victims.

The Bitdefender Threat Debrief disclosed an alarming 126% increase in claimed ransomware victims year-over-year, with numbers rising from 425 victims in February 2024 to 962 in February 2025. Australia was identified as one of the top 10 countries affected. A significant surge in incidents has been attributed to the ransomware-as-a-service group known as Clop (Cl0p), which accounted for 335 victims.

The report suggests that the increase in ransomware attacks can be attributed to a shift in strategy where groups target newly discovered software vulnerabilities in edge network devices. Bitdefender states that instead of concentrating on specific industries or companies, ransomware groups are increasingly seeking vulnerabilities with high risk scores, particularly those that allow remote control of a system.

Cybercriminals, including financially motivated and state-affiliated actors, are taking advantage of these software vulnerabilities. The report explains that once a vulnerability is publicly disclosed, these actors quickly launch automated scanners to find vulnerable systems and establish access, which later allows for manual hacking and eventual ransomware deployment.

Bitdefender's analysis specifically points to Clop's exploitation of two vulnerabilities within Cleo file transfer software, CVE-2024-50623 and CVE-2024-55956, both rated 9.8 out of 10 in severity. These vulnerabilities, disclosed in late 2024, enabled command execution on vulnerable systems, accounting for the current reported victims.

The report discusses key defensive strategies against such ransomware attacks, highlighting the importance of patching vulnerabilities, threat hunting, and the use of advanced detection systems. These include prioritising patches for actively exploited vulnerabilities and employing tools such as EDR/XDR for enhanced detection.

Bitdefender's debrief also touches on other notable ransomware developments. One significant update is related to Black Basta operations, where a chatbot, BlackBastaGPT, helps researchers scrutinise leaked interactions. This tool has provided insights into the operations and challenges faced by Black Basta.

Additionally, the report notes a joint advisory from CISA on Ghost (Cring) ransomware, recommending prioritised security practices for organisations to mitigate risks associated with the ransomware.

New ransomware groups such as Anubis and Run Some Wares have also been identified, bringing their tactics to the increasing pool of cyber threats. The report lists the top affected countries, with the US topping the list followed by Canada, the UK, and others, including Australia.

Through its extensive data collection and telemetry ecosystem, comprising openly available sources and data leak portals, Bitdefender seeks to continuously refine its threat intelligence and cybersecurity measures.
