Ransomware Attacks Fall Sharply in March

Ransomware attacks plummeted by 32% month-over-month in March 2025, with a total of 600 claimed incidents, according to NCC Group’s latest Threat Pulse report.
Despite the drop compared to February 2025, the firm noted that ransomware cases in March increased by 46% year-over-year.
Commenting on the findings, Matt Hull, Head of Threat Intelligence at NCC, described the month-over-month fall in March as a “red herring,” as it followed unprecedented levels of attacks in the preceding months.
“As ever, we are seeing threat actors diversifying and leveraging increasingly complex and sophisticated attack methods to stay ahead – not only to cause mass disruption but to gain attention in the ransomware world,” Hull warned.
North America was targeted in around half (49%) of all attacks in March.
NCC Group linked this high proportion to rising geopolitical tensions associated with the US and Canada.
“It’s likely that attacks in North America will continue to dominate, with rising political tensions and division between Canada and the US under President Trump’s leadership heightening geopolitical friction. This suggests an increased risk of cyber-attacks targeting Canada and related international organizations,” the firm wrote.
Doubts Over Legitimacy of Babuk2
The threat actor Babuk2 claimed responsibility for the highest number of attacks in March at 84, making up 20% of the total.
The group, which emerged in January 2025, has claimed a total of 145 attacks in Q1 2025.
However, NCC noted that there are significant doubts over the legitimacy of Babuk2’s claims. This is because the group often fails to provide genuine evidence of an actual breach.
In addition, the original Babuk group has claimed no connection to the new operation.
“The security community and ransomware actors alike believe that Babuk 2.0 is a fraudulent group, recycling data from previous breaches and claiming them as their own,” the report said.
Akira and RansomHub were the second most active groups in March, with 62 claimed attacks each. This was followed by Safepay with 42 attacks.
Clop Responsible for Most Attacks in Q1
The Clop ransomware gang was responsible for 19% of ransomware attacks in Q1, making it the most prolific actor.
Overall, 45% of attacks in the quarter were attributed to four groups – Clop, Akira, RansomHub and Babuk2.
The Clop attacks were primarily attributed to the successful exploitation of two zero-day vulnerabilities in Cleo software in late 2024.
The report noted that the Akira and RansomHub ransomware-as-a-service (RaaS) groups operate highly attractive affiliate structures, which likely contribute to the high number of attacks claimed by each actor in the quarter.
Akira operates an 80/20 commission structure in favor of affiliates, while for RansomHub, it is 90/10.