American companies are the main target of ransomware in 2025 so far.
Small and medium-sized enterprises in the manufacturing sector are being significantly affected.
Until now in 2025, companies in the United States have been the primary target of ransomware attacks, accounting for nearly half of all reported incidents so far this year. This data comes from an analysis conducted by a threat exposure management platform, which examined information on the dark web to gather statistics for the first quarter of 2025.
The report reveals that 2,440 new cases of ransomware were reported on the dark web, representing an 84% increase compared to the same period last year, which had 1,325 cases. Of this number, 990 cases (41%) involved U.S. companies, making the United States the most affected country globally, far ahead of Canada, which had only 105 cases. It is followed by the United Kingdom with 74, Germany with 56, France with 42, and India with 42.
The most affected industries include manufacturing, information technology, and professional services. According to a cybersecurity expert, this is due to the abundance of companies with high capital. The concentration of wealthy businesses that have cyber insurance policies including ransom coverage makes the U.S. an attractive target for hackers. Furthermore, the U.S. economy is highly digitized, and the interconnectedness of systems, cloud technologies, and remote work environments increases the opportunities for ransomware attacks to infiltrate.
Specifically, the manufacturing sector was the hardest hit, registering 273 cases, followed by the IT sector with 172 and professional services with 116. Interestingly, most of these affected companies are small to medium-sized, rather than large corporations, with those earning $10M to $50M and employing between 51 and 200 being the most vulnerable in the first quarter of the year.
Ransomware remains one of the most destructive cybercriminal operations, and each day it poses a growing threat, as cybercriminals find new ways to implement their attacks and exploit artificial intelligence to maximize their impact. With the constant increase in the number of attacks, the complexity of ransomware groups is also on the rise. These groups are exploiting zero-day vulnerabilities more rapidly and using the ransomware-as-a-service model to expand their reach. Many organizations still face issues such as outdated systems and poor credential security, making them easy targets. No company, regardless of size, is safe from this threat.
