
Ransomware remains among the most disruptive cyber threats, with threat actors continually refining their methods and broadening their target scope. Between September 2024 and March 2025, several high-impact ransomware incidents made headlines—affecting critical infrastructure, healthcare, telecoms, government bodies, and cloud service providers.
These attacks reveal ongoing shifts in ransomware operations, including heightened ransom demands, growing reliance on double extortion, and exploitation of supply chain weaknesses.
Major Ransomware Events: September 2024 – March 2025
1. Medusa Strikes Critical Infrastructure (March 2025)
The Medusa ransomware group launched extensive attacks targeting over 300 organizations across healthcare, education, manufacturing, and insurance. Gaining access through phishing campaigns and software vulnerabilities, Medusa encrypts data and leverages double extortion tactics by threatening to leak sensitive files. These attacks highlight the increasing focus on essential services, raising pressure to pay ransoms quickly.
2. Cl0p Claims Rackspace Breach (March 2025)
The Cl0p ransomware group alleged a breach of Rackspace, claiming to have exfiltrated sensitive corporate data and posted it on the dark web after failed ransom negotiations. Rackspace, however, denied any compromise. Whether or not the claim is confirmed, the event underscores how cloud providers have become attractive targets for cybercriminals.
3. DragonForce Targets Saudi Organizations (February 2025)
Ransomware-as-a-service (RaaS) actor DragonForce attacked Saudi real estate and construction firms. The group issued a ransom deadline just before Ramadan and subsequently released 6TB of stolen data on a separate leak portal when payment was not made.
4. Black Basta Hits Ascension Health (Discovered Dec 2024)
A ransomware attack linked to Black Basta affected Ascension, one of the largest U.S. healthcare systems, exposing personal and medical data of approximately 5.6 million people. This incident reinforces the healthcare sector’s vulnerability to ransomware due to its critical operations and sensitive records.
5. Salt Typhoon Breaches U.S. Telecoms (Late 2024)
State-backed Salt Typhoon infiltrated nine major telecom providers in the U.S., including Verizon, AT&T, and T-Mobile. The breach compromised metadata from calls and texts, as well as systems used for lawful wiretaps. Unlike financially motivated ransomware, this attack pursued espionage objectives.
6. Trinity Claims Attack on Spain’s Tax Authority (Dec 2024)
The Trinity ransomware gang claimed to have stolen 560GB of data from Spain’s Agencia Tributaria and demanded $38 million. Despite the group's assertions, Spanish officials found no evidence of intrusion. Nevertheless, the incident reflects a broader trend of ransomware groups focusing on government agencies holding vast amounts of sensitive citizen data.
Key Ransomware Trends Emerging from Recent Attacks
Critical Industries Under Fire
Sectors such as healthcare, government, telecoms, and cloud services face frequent attacks due to the value and sensitivity of their data.
Double Extortion Becomes the Norm
Modern ransomware groups not only encrypt files but also exfiltrate data, threatening to publish it unless they are paid, as seen with Medusa, Cl0p, Trinity, and others.
Entry via Phishing and Vulnerabilities
Many incidents stemmed from phishing or unpatched software. The Medusa and Black Basta breaches are prime examples of this common entry point.
Escalating Ransom Demands
Groups like Trinity have made ransom demands in the tens of millions, reflecting the increasing financial stakes of such attacks.
Cloud and MSPs as Prime Targets
Cloud providers and managed service platforms serve as valuable entry points for attackers due to their access to multiple clients.
Western Nations Targeted Most Frequently
The U.S. and Europe remain frequent targets due to their financial capacity and dense regulatory environments. Government and healthcare sectors are especially at risk.
Looking Ahead: A Proactive Defense is Essential
The past six months have reinforced that ransomware is growing in both sophistication and scale. Organizations must move from reactive measures to proactive defense—emphasizing employee education, strict access controls, and strong backup strategies.
By staying vigilant and adopting modern protection frameworks, businesses can strengthen their resilience against ransomware’s disruptive potential.