Dive Brief:
- Monthly ransomware attacks rose for the first time in six months in September, increasing by 28% from the previous month to 421 attacks, cybersecurity firm NCC Group said Monday.
- Three quarters of the attacks took place in North America and Europe, including a ransomware attack on major European airports that forced airlines to switch to manual operations, causing delays and cancellations, according to a report on the findings.
- “The rise in attacks in September could be a sign that the decline we’ve seen recently is now over,” Matt Hull, head of threat intelligence at NCC, said in a press release. “As we approach the busy season for attackers — with Black Friday and Christmas fast approaching — organizations can’t be complacent.”
Dive Insight:
Salesforce, Volvo and Dell are among major companies that have reported ransomware attacks this year.
The industrials sector continued to bear the brunt of ransomware activity last month, enduring 29% of attacks, according to NCC’s research. It was also the most targeted sector for the third quarter, with 30% of attacks.
The findings make “clear that Industrials is a highly attractive target for cyber criminals, even as public attention remains on consumer-facing breaches,” NCC said in its release.
The “consumer discretionary” sector — including automotive manufacturers, retail businesses, and leisure facilities — followed with 76 attacks, while the financial industry moved to third place with 47 attacks. “The continued targeting of financial institutions highlights attackers’ strategic focus on accessing financial data, and reflects a broader trend of ransomware campaigns to” maximize monetary gain, the release said.
Ransomware attacks in the third quarter overall fell by 5% compared with the second quarter, NCC said.
“Despite this drop, established threat actors such as Qilin, Akira, and INC Ransom sustained a high level of operational activity, underscoring their continued influence in the threat landscape,” according to the report.
During the first half of the year, the average cost of an individual ransomware attack rose by 17%, cyber risk management firm Resilience reported last month based on an analysis of internal insurance claims.
Among Resilience clients, the average insurance loss from a ransomware attack in H1 2025 exceeded $1.18 million, compared with $1.01 million in the same period last year. Ransomware attacks accounted for 76% of incurred losses in H1, compared with 46% in the same period last year.
Cyber criminals are using increasingly sophisticated extortion tactics, including artificial intelligence-powered social engineering and “double extortion,” in which attackers demand a ransom payment both to decrypt data and to prevent its public release, according to the Resilience report. The evolving ransomware playbook has also included theft of cyber insurance policies to better benchmark and set higher ransom demands, it said.