Ransomware Attacks Surge in Retail: 2025 Cybercrime Trends
Retail Ransomware Attacks Jump 58% Globally in Q2 2025
Publicly disclosed ransomware attacks targeting the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms heavily impacted, according to data from BlackFog. High-profile attacks reported in April-June 2025 included incidents affecting Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the Scattered Spider threat actor. These incidents led to significant operational disruptions and financial costs for the victims.
Four individuals were arrested by UK law enforcement on July 10, suspected of involvement in these attacks. Other notable brands affected include Dior, Adidas, and Louis Vuitton.
The BlackFog report released on July 16 indicated that complex supply chains in the retail sector make these organizations prime targets for ransomware groups. The urgent need to restore services often increases the likelihood of ransom payment, making retailers attractive targets for cybercriminals.
Ransomware Attacks Rise 113% Year-Over-Year
The report also highlighted a 63% increase in disclosed ransomware incidents in Q2 2025 compared to the same period in 2024, with 276 confirmed attacks globally. Healthcare was the most targeted industry, followed by government and services. Data exfiltration was observed in 95% of disclosed attacks.
The report identified 53 active ransomware groups in Q2, with Qilin responsible for the highest proportion of attacks, totaling 28. Other notable groups included INC Ransom and Akira.
Most Ransomware Attacks Not Publicly Reported
A significant gap in visibility was noted, with 1,446 ransomware attacks not publicly disclosed during the period. Qilin was the most active group for undisclosed incidents, comprising 15% of the total. The services and manufacturing industries had the highest proportions of undisclosed incidents.
Cybercrime Statistics 2025: Rising AI Threats & Global Impact
In 2025, the global cost of cybercrime is projected to reach $10.29 trillion. This figure is expected to climb further, reaching $11.36 trillion by 2026. By 2028, the estimated cost could soar to $13.82 trillion. The global volume of reported cybercrimes is projected to surpass 7.8 million cases by the end of 2025, with India, Brazil, and the United States leading in reported cases.
The most common types of cybercrime in 2025 include phishing, business email compromise (BEC) scams, and ransomware. Phishing accounted for 39% of all attacks, while ransomware represented 27%. The healthcare sector suffers the highest average cost per data breach at $9.77 million.
Ransomware Attacks Dip in May Despite Persistent Retail Targeting
Despite a decline in overall ransomware attacks for the third consecutive month in May 2025, the retail sector continues to face persistent threats. NCC Group recorded 393 attacks in May, a 6% decrease from April, with notable incidents affecting retailers like M&S and The Co-op.
How Cybersecurity Threats Are Targeting Retail Network Infrastructures
Retailers face significant cybersecurity challenges as they integrate advanced systems like cloud computing and IoT devices. Legacy hardware poses risks due to outdated security features, leading to potential exploits. Cyber incidents can have severe financial implications, as the average data breach cost in retail continues to escalate.
UK Authorities Arrest Four People in Probe of Retail Cyberattack Spree
Four individuals were arrested in the U.K. on July 10 in connection with a National Crime Agency investigation into a series of cyberattacks on retailers including Harrods, M&S, and The Co-op. The suspects face charges related to cybercrime and are believed to be affiliated with the Scattered Spider group.
Explore our services or contact us at undefined to safeguard your operations against these evolving threats.
