CHICAGO, April 22, 2025 /PRNewswire-PRWeb/ -- CyberMaxx, the leading managed detection and response (MDR) provider, released its Quarterly Ransomware Research Report today. The report reveals that Q1 2025 witnessed a surge in ransomware attacks, making it the most prolific quarter for ransomware activity.
According to CyberMaxx research, there were 74 active groups responsible for 2,461 recorded incidents in Q1 2025. This figure marks a 4.3% increase over the previous quarter, which saw 66 active groups conduct 2,358 attacks.
In Q1 2025, ransomware groups averaged 33.2 successful attacks each. With 398 attacks, Cl0p was the most active group this quarter, representing approximately 16% of all successful attacks.
Other notable ransomware groups in Q1 2025 were RansomHub (234 attacks), Akira (217 attacks), Babuk2 (156 attacks), and Qilin (113 attacks). Notably, Lockbit, one of the most prolific groups throughout 2024, fell to 24th place with only 23 attacks.
February 2025 was a record-breaking month for Cl0p: the group carried out 331 individual attacks, the highest number ever recorded by a single group in a single month.
Cl0p's dominance stems from its use of two critical vulnerabilities in Cleo Harmony products: CVE-2024-50623 and CVE-2025-55956.
This surge in ransomware activity during Q1 2025 marks a clear escalation in ransomware threats, and Cl0p has raised the benchmark for attack efficiency and volume.
The group's successful exploitation of critical vulnerabilities reinforces the urgent need for security teams to prioritize patch management and promptly address critical vulnerabilities in Q2 2025.
Organizations should enhance their monitoring and detection capabilities to catch intrusions before data exfiltration occurs and ensure they implement multi-factor authentication (MFA) while actively monitoring compromised accounts.
CyberMaxx's cyber research team regularly investigates threats on its own. These efforts aim to build shared knowledge across the cybersecurity community.
Access the full Ransomware Research Report here: https://cybermaxx.com/q1-2025-ransomware-research-report/
About CyberMaxx
CyberMaxx, LLC., founded in 2002, is the leading provider of managed detection and response (MDR), headquartered in Chicago, IL. CyberMaxx's managed detection and response solution (MaxxMDR) is designed to be scalable for clients of all sizes, providing protection and improving the organization's security posture, ultimately giving customers peace of mind that their systems and data are secure. CyberMaxx expanded its capabilities through the 2022 acquisition of CipherTechs, an international cybersecurity company providing a complete cybersecurity portfolio across MDR Services, Offensive Security, Governance, Risk & Compliance, DFIR, and 3rd party security product sourcing.
Media Contact
Clint Poole, CyberMaxx, 1 6174597878, [email protected], www.cybermaxx.com
SOURCE CyberMaxx
