US businesses are the top target for ransomware in 2025 so far

News
By published

American SMBs are being hit particularly hard

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
(Image credit: Shutterstock / JLStock)
  • US businesses were prime targets for ransomware actors in Q1 2025
  • Manufacturing, IT, and services, were particularly hit, says NordStellar
  • SMBs are a bigger target than enterprises, report warns

US businesses have been prime targets for ransomware attackers in 2025 so far, making up almost half of all incidents of that nature this year.

A new report from NordStellar, which analyzed dark web data, found there were 2,440 new ransomware cases made public on the dark web, up 84% compared to the same period in 2024 (1,325). Of that number, 990 (41%) were US businesses.

That makes the United States the most affected country globally by far, since second-placed Canada had “only” 105 cases. The UK is third with 74, followed by Germany (56), France (42), and India (42).

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Manufacturing, IT, professional services

NordStellar’s cybersecurity expert Vakaris Noreika, this is because the US has plenty of rich business targets.

“A high concentration of wealthy businesses with cyber insurance that includes ransom coverage make the US a desirable target for hackers,” Noreika explained.

“The economy of the US is highly digitalized and most businesses depend on interconnected systems, cloud technologies, and remote work environments — all factors that create more opportunities for ransomware attacks to infiltrate.”

Ransomware criminals seem to be particularly interested in businesses in manufacturing, since this industry recorded 273 cases. IT was second with 172 cases, and professional services was third with 116.

Surprisingly enough, these are mostly SMBs, not enterprises. Companies with a revenue of $10M-50M, employing 51-200 people, were most-hit in Q1.

Ransomware continues being one of the most destructive and disruptive cybercriminal operations out there. Every day the threat grows, as cybercriminals find new ways to deploy encryptors and abuse AI in their attacks.

“The soaring number of ransomware attacks is more than just a trend — it's an ever-growing threat for businesses worldwide,” Noreika said.

“Ransomware groups are getting more sophisticated, exploiting zero-day vulnerabilities faster, and leveraging ransomware-as-a-service (RaaS) to expand their reach. Many organizations still struggle with unpatched systems and weak credential security, thus, becoming easy targets. No business, regardless of size, is immune.”

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.