Cl0p group fuels record ransomware attacks in 2025

Ransomware attacks have surged to historic levels in early 2025, mainly driven by the Cl0p ransomware group. Reports indicate that February saw nearly 1,000 attacks, which is the highest recorded in a single month. The group is responsible for 385 of these attacks in just the first few weeks of the year. According to NordStellar, ransomware incidents have increased by 81% compared to the previous year. Cl0p, which emerged in 2019, offers ransomware-as-a-service, allowing other criminals to use their tools to launch attacks. Their notoriety grew significantly after a major breach involving MOVEit Managed File Transfer, which affected over 600 organizations and 40 million individuals. In 2025, 844 out of 2,040 reported victims were from the United States. Cybersecurity expert Vakaris Noreika explains that American organizations are often targeted due to their wealth, cyber insurance, and interconnected networks. Noreika describes the rise in attacks as unprecedented, attributing it to hackers exploiting vulnerabilities and the proliferation of ransomware services. Noreika also emphasizes the need for organizations to address vulnerabilities quickly, citing previous incidents involving file transfer software. To combat ransomware threats, NordStellar recommends multi-layered cybersecurity, regular data backups, and multi-factor authentication. Employee training and endpoint protection systems are also advised to prevent unauthorized access and detect intrusions.