Ransomware Attacks Remain Steady in July, But Threat Level Remains Elevated, According to Report
Global ransomware activity showed minimal change in July, with a marginal 1% increase in reported incidents compared to the prior month, according to a new report by NCC Group. The research found that there were 376 ransomware cases worldwide in July, up from 371 in June. Despite this relative stability in incident figures, experts caution that the apparent plateau should not be viewed as a period of reduced risk.
The Industrials sector continued to experience the highest frequency of attacks, with 27% of all ransomware incidents (equivalent to 101 cases) targeting this field. The Consumer Discretionary sector, which includes retail, recorded a slight rise in incidents, moving from 76 in June to 82 in July. Information Technology reported 31 incidents, while Healthcare was only marginally behind with 30 attacks noted in the same period.
Intensified activities from various ransomware groups were observed. The threat actor known as INC Ransom accounted for the highest share of attacks, responsible for 14% of global incidents. According to the report, INC Ransom’s attack numbers have been increasing in recent months, rising from 14 in May, to 24 in June, and up to 54 recorded cases in July. The group has reportedly targeted Critical National Infrastructure throughout 2025. Other major threat actors identified in the report include Qilin and Safepay, each accounting for 11% of attacks with 40 incidents apiece. Akira was the next most active group, responsible for 10% of attacks (37 cases) during the month.
The majority of ransomware attacks in July were directed at North America, which suffered 204 incidents, representing 54% of all global cases. While this showed a 3% decline compared to June, the region remains far more heavily targeted than others. Europe accounted for 21% of attacks with 78 incidents, remaining steady compared to previous months and evidencing a continued gap in threat levels between North America and Europe. In addition, Asia maintained a 12% share of global attacks (43 incidents), and South America followed with 6% (22 cases).
Several geopolitical developments during July have the potential to influence the cyber threat landscape, the NCC Group report noted. The BRICS summit saw Brazil’s President criticise United States tariff threats, reinforcing BRICS nations’ exploration of alternatives to Western-led financial systems. According to the report, this could result in increased hacktivist activities targeting Western institutions. There were also developments concerning United States technology exports, with American authorities reversing export restrictions on NVIDIA artificial intelligence chips to China. The report notes that this raised concerns about national security and opened the possibility for Chinese threat actors to further develop their capabilities.