From critical infrastructure to classrooms, no sector is being spared. In July 2025, cyber attacks surged across nearly every industry and region, marking a sharp escalation in both scale and sophistication.

This blog unpacks the latest global trends in cyber attacks, including:

  • The overall volume of attacks worldwide.
  • Industry-specific targeting.
  • Regional threat hotspots.
  • The latest ransomware data, including which countries are hardest hit.

The insights come from our ThreatCloud AI platform, which analyzes millions of indicators of compromise (IoCs) daily. Powered by over 50 AI-driven engines and fed by intelligence from more than 150,000 networks and millions of endpoints, ThreatCloud delivers one of the most comprehensive, real-time views of the global threat landscape available today.

Global Data: Rising Attacks Across the Board

Overall Global Attacks

In July 2025, the average number of cyber attacks per organization per week reached 2,011. That’s a 3% increase from the previous month and a 10% rise compared to July 2024. The steady climb highlights how persistent and adaptable threat actors continue to be.

Global Attacks by Industry
Some sectors are being hit far harder than others. Leading the list:

  • Education faced the highest number of weekly cyber attacks, averaging 4,248 attacks per organization — an 11% increase year over year.
  • Telecommunications followed with 2,769 attacks weekly, marking a 24% surge compared to the same period in 2024.
  • Government organizations were not far behind, experiencing 2,745 attacks per week, up 6% year over year.
  • Most notably, the agriculture sector saw the highest spike, with an 81% increase, indicating its growing appeal as a soft target.

From education networks to telecom giants to farms, no vertical is immune — and some are becoming prime targets.

Overall Attacks by Region

The threat landscape also varies widely by geography:

  • Asia-Pacific (APAC) recorded the highest average, with 3,403 attacks per organization per week — a 3% increase year over year.
  • Latin America followed with 2,917 weekly attacks, up 4% from July 2024.
  • North America saw 2,870 attacks per organization, reflecting a 5% increase.
  • Europe, while slightly behind in volume, showed the most alarming trend: a 15% increase year over year — the largest spike of any region.

The data signals a global surge in cyber risk, but Europe’s sharp rise suggests attackers are zeroing in on previously less-targeted regions.

Ransomware Attacks

By Region and Industry

Ransomware continues to be one of the most damaging and visible forms of cyber crime. In July 2025, there were 518 reported ransomware attacks, a staggering 28% increase compared to the same period in 2024.

  • North America was hit hardest, accounting for 52% of all reported ransomware incidents.
  • Europe followed with 25%, reflecting its growing prominence on the radar of ransomware groups.

From an industry perspective:

  • The consumer goods & services sector was the most impacted, representing 12.0% of all reported attacks.
  • The construction & engineering sector followed at 10.2%.
  • Business services rounded out the top three with 9.5%.

Note: This data is sourced from ransomware “shame sites” operated by double-extortion groups who publicly post victim information. While inherently biased and incomplete, these sources offer valuable insight into ransomware trends and victimology.

Top Ransomware Groups

In July 2025, three ransomware-as-a-service (RaaS) groups dominated the landscape, responsible for a large share of publicly disclosed attacks. This section is based on victim data posted to ransomware “shame sites,” operated by double-extortion groups.

  • Qilin accounted for 12% of all published attacks, making it the most active group this month. Formerly known as “Agenda,” Qilin has been operating since 2022 and has steadily expanded its infrastructure. By September 2022, the group rebranded and introduced a Rust-based encryptor. Since March 2025 — following the retirement of RansomHub — Qilin has intensified its affiliate recruitment and dramatically increased its victim disclosures. Affiliates are provided with a full-featured admin panel, negotiation infrastructure, and support services.
  • Inc. Ransom was responsible for 9% of attacks. Active since mid-2023, the group has a distinct victim profile: 33% of its targets in Q2 2025 were in healthcare, and 10% in education — sectors often considered off-limits by some groups. It also runs a dual-site infrastructure: a credential-protected negotiation portal and a public leak site. Inc. Ransom supports both Windows and Linux payloads and is steadily growing in scope and capability.
  • Akira claimed 8% of reported attacks. First identified in early 2023, Akira targets Windows, Linux, and ESXi systems. Its Q2 2025 victimology shows a focus on business services (19%) and industrial manufacturing (18%). In 2024, it released a Rust-based variant optimized for ESXi environments, featuring selective encryption, VM targeting, runtime controls, and a Rust build-ID guard designed to evade reverse engineering.

These groups continue to evolve, both in their tooling and targeting, making them some of the most dangerous actors to watch in the months ahead.

Looking Ahead: A Deeper Dive into Ransomware Trends

The ransomware surge observed in July caps off a quarter marked by expanding threat actor reach, evolving ransomware-as-a-service ecosystems, and growing pressure on critical sectors.

The trends shared above are only part of the picture. In our full Q2 2025 Ransomware Report, we examine:

  • The rise and operations of key ransomware groups like Qilin, Inc. Ransom, and Akira.
  • The increasing use of AI in attack tactics.
  • Sector-specific risk patterns and attacker preferences.
  • Actionable insights for defenders looking to harden their environments.

The data outlined here offer just a glimpse into the shifting ransomware and cyber attack landscape. As threat actors refine their techniques and broaden their reach, organizations must stay informed and proactive.

For a more detailed analysis, including group-specific tactics, regional dynamics, and practical defense strategies, download our full Q2 2025 Ransomware Report. It offers an in-depth view into the threats shaping the second half of the year.

You may also like