US becomes ransomware capital of the world as attacks rise by almost 150 percent
Most ransomware attacks happen in the US now

- Ransomware attacks are rising quickly in the US
- Hackers are focusing on data exfiltration
- Oil and gas is growing increasingly popular among threat actors
The US is now the ransomware capital of the world. The majority of the attacks are targeting US organizations, and in the last year, the number of attacks has dramatically spiked. These are the conclusions echoed in the 2025 Ransomware Report, published by cybersecurity experts Zscaler ThreatLabz.
Using proprietary data, as well as samples and information collected from the wider internet, Zscaler’s researchers determined that 50% of all ransomware attacks in the last year happened in the United States, “significantly outpacing” Canada (5%) and the UK (4%).
Even when you combine all the attacks reported across the top 15 most-targeted countries, the total is still lower than the 3,671 attacks reported in the US.
Stealing without encrypting
The number of attacks is also increasing. Year-on-year, it is up by 146% in the US, with manufacturing (1,063), technology (922), and healthcare (672) being the most-targeted industries, mostly because of the potential for operational disruption, the sensitivity of the stolen data, and the risk of regulatory pressure and reputational damage. Companies in the oil and gas sector saw a “staggering” increase in ransomware attacks - 900% year-on-year.
Zscaler also said that ransomware actors are increasingly abandoning the encryption part of the attack, and are focusing solely on data theft. In the last year, 10 of the biggest ransomware groups exfiltrated 238 TB of data, up 92% from last year’s 123 TB.
Right now, the biggest names in the ransomware space are RansomHub (833 victims), Akira (520), and Clop (488), but the number of threat actors is also rising. In the last year alone, the researchers identified 34 newly active ransomware families, bringing the total number up to 425.
Ransomware “flourishes” in environments with fragmented security, limited visibility, implicit trust, and outdated legacy architectures, Zscaler stresses, urging businesses to mitigate these threats by adopting a cloud-native, AI-driven, zero-trust architecture.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.