- 7 ways to lock down your phone's security - before it's too late
- Automate Forensics to Eliminate Uncertainty
- I changed 7 Samsung phone settings to significantly improve the battery life
- Agentes de IA: 'the next big thing' en la transformación del negocio
- TikTok Fined €530m Over Transfers of European User Data to China
Ransomware Attacks Fall in April Amid RansomHub Outage
Ransomware attacks declined significantly in April, partly as a result of the RansomHub gang experiencing infrastructure outages, according to a new analysis by Comparitech.
The consumer awareness company logged a total of 479 ransomware attacks throughout the month. This marked a notable drop compared to the first three months of 2025 in which Comparitech recorded 530 in January, 973 in February and 713 in March.
Of the 479 logged attacks, 39 were confirmed by the targeted entity, such as through data breach notifications or press releases.
Comparitech said a major factor in the fall was RansomHub apparently “going dark” from March 31.
An analysis by Group-IB on the group on April 30 observed that it had suffered a “significant outage on March 31.”
Shortly after, Qilin’s administrator “Haise” became active on RAMP, advertising a new ransomware version and DDoS extortion features. Group-IB said it is possible that RansomHub affiliates have moved over to Qilin.
Comparitech observed a sharp uptick in Qilin attacks in April compared to March, from 45 to 67, adding credence to this theory.
Meanwhile, RansomHub listed no new victims on its data leak site in April.
A report by NCC Group in April found that RansomHub was one of the most prolific ransomware actors in March 2025, with 62 claimed attacks.
According to the Comparitech report, Qilin was the most prolific ransomware group in April, followed by Akira (62), Play (50), Lynx (32) and NightSpire (22).
High Profile Ransomware Attacks in April
High profile incidents include an attack on UK retailer Marks & Spencer, which has been linked to the notorious Scattered Spider group.
The gang was also behind the infamous MGM International and Caesars Entertainment ransomware attacks in 2023.
German recycling manufacturer Eu-Rec GmbH was hit by an attack by SafePay in April, which contributed to the firm filing for insolvency.
Another notable ransomware incident in the report was a Rhysida attack on the Oregon Department of Environmental Quality (DEQ).
The DEQ confirmed it refused to pay a $2.7m ransom demand, but hasn’t addressed Rhysida’s claims that it stole over 2.5TB of data from the department.
Of the logged attacks in April, 24 were on government entities, 22 on healthcare organizations and 14 on education institutions.
The remaining 425 attacks were attributed to “businesses” by Comparitech.
