Ransomware attacks on the healthcare sector appear to be slowing down, leading cybercriminals to shift their focus to the retail sector . A recent report from BlackFog revealed that publicly disclosed ransomware attacks targeting the retail sector globally have surged by 58% in Q2 2025 compared to Q1 .
The findings follow a spate of attacks on high-profile retailers, including Marks & Spencer (M&S), The Co-op and Harrods . These incidents, linked to the Scattered Spider threat actor, have caused significant operational disruption and financial costs .
The healthcare sector, while still a target, is experiencing a relative decrease. This may be due to increased focus on cybersecurity and efforts to protect critical infrastructure . Nevertheless, ransomware attacks on hospitals remain a threat-to-life crime, jeopardizing hospitals' ability to provide patient care .
Several factors make the retail sector an attractive target for cybercriminals. Retail companies handle vast troves of customer data and payment information, making them prime targets from both extortion and data theft perspectives . Additionally, their complex supply chains mean that even short-term disruption can lead to significant financial fallout, increasing the likelihood of ransom payment .
The BlackFog report highlighted a 63% increase in disclosed ransomware incidents in Q2 2025 compared to the same period in 2024, with 276 confirmed attacks globally . April and May recorded 89 and 91 attacks respectively, the highest totals observed for those individual months since 2020 . Data exfiltration, in addition to or instead of data encryption, occurred in 95% of disclosed attacks in the quarter .
The researchers observed 53 active ransomware groups in Q2, with Qilin responsible for the highest proportion of disclosed attacks with 28, 10% of the total . The report also noted that 1446 ransomware attacks were not publicly disclosed during the period, a 19% increase compared to the same quarter in 2024 .
For the retail sector, the rise in ransomware attacks is a significant concern. In 2023, 69% of retail businesses were hit by ransomware . Almost three-quarters of these ransomware attacks resulted in data being encrypted, up from 68% and 54% in the two previous years . The average cost of a retail data breach in 2023 was $2.96 million, and the industry accounted for 6% of all data breaches worldwide, up from 5% the previous year .
Retail businesses are ever-popular targets for cybercriminals . From ransom-style attacks that use operational disruption as leverage to card skimming, retail and e-commerce businesses are straightforward propositions for financially motivated cybercriminals .
As the cyber threat landscape continues to evolve, both healthcare organizations and retail businesses must remain vigilant and implement robust cybersecurity measures to protect sensitive data and ensure business continuity .