Cl0p resurgence drives ransomware attacks to new highs in 2025


  • Ransomware attacks reached their highest level in February 2025, report claims
  • The Cl0p group has been highly active in Q1 of 2025
  • NordStellar statistics lay bare the rising threat of ransomware

Ransomware attacks have increased 81% year on year, new research from NordStellar has claimed.

The increase is largely attributed to the Cl0p ransomware group, which has seen something of a resurgence, claiming responsibility for 385 attacks in the first few weeks of 2025 alone.

As a result, February 2025 saw the most ransomware attacks in history, with 980 known attacks occurring in just 28 days - an average of 35 attacks per day.

A Cl0p in the ocean

The Cl0p group broke into the ransomware scene around 2019, offering ransomware-as-a-service (RaaS), a model in which a cybercriminal group rents out its ransomware for others to carry out their own attacks, or sells access to an organization's network and systems for others to encrypt and extort.

The group’s notoriety peaked after it successfully breached MOVEit Managed File Transfer, an incident in which over 600 organizations had their sensitive data stolen, affecting over 40 million people.

So far in 2025, US organizations have made up 844 of the 2,040 victims, which Vakaris Noreika, a cybersecurity expert at NordStellar, attributes to the fact that American companies are often lucrative targets for ransomware groups thanks to their wealth and cyber insurance, as well as their highly interconnected networks - with each user, device, and connection acting as a potential point of entry for an attacker.

“The surge in ransomware attacks is unprecedented, proving the threat is more relentless than ever,” Noreika says.

“The spike is driven by a combination of factors — hackers exploiting zero-day vulnerabilities faster than ever, the rise of ransomware as a service (RaaS) lowering the barrier to entry, and organizations still struggling with unpatched systems and poor credential security.”

“Cl0p’s reemergence might be closely connected to the group’s past activities, such as exploitation of zero-day vulnerabilities in Cleo file transfer software, compromising hundreds of organizations worldwide,” says Noreika.

“This incident, like a similar MOVEit Transfer one in 2023, highlights the critical importance of promptly addressing vulnerabilities in managed file transfer solutions to protect against sophisticated cyber threats.”

To mitigate the threat of a ransomware attack, NordStellar recommends that organizations deploy multi-layered cybersecurity strategies and keep regular data backups that can be recovered in the event of an attack.

Multi-factor authentication can also help protect against unauthorized access and lateral movement, while dark web monitoring tools can provide an early sign of compromised user credentials or stolen data.

Organizations can also provide cybersecurity training to employees and deploy endpoint protection systems as a way to detect potential network intrusions.


Benedict Collins
Staff Writer (Security)
