{"id":1494,"date":"2025-07-21T01:52:33","date_gmt":"2025-07-21T01:52:33","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/07\/21\/retail-ransomware-attacks-jump-58-globally-in-q2-2025\/"},"modified":"2025-07-21T01:52:33","modified_gmt":"2025-07-21T01:52:33","slug":"retail-ransomware-attacks-jump-58-globally-in-q2-2025","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/07\/21\/retail-ransomware-attacks-jump-58-globally-in-q2-2025\/","title":{"rendered":"Retail Ransomware Attacks Jump 58% Globally in Q2 2025"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n
\n

Publicly disclosed ransomware attacks targeting the retail sector globally have surged by 58% in Q2 2025 compared to Q1, with UK-based firms bearing the brunt of this targeting, according to new data from BlackFog.<\/p>\n

The findings follow a spate of high-profile retailers reporting attacks during April-June 2025.<\/p>\n

This includes the trio of ransomware attacks on UK brands Marks & Spencer (M&S), The Co-op and Harrods in late April, which have been linked to the Scattered Spider threat actor.<\/p>\n

These incidents have caused significant operational disruption and financial costs for the victims.<\/p>\n

On July 10, four individuals were arrested by UK law enforcement on suspicion of involvement in the attacks.<\/p>\n

Other notable retail brands impacted by cyber-incidents in the period include Dior, Adidas, Louis\u00a0Vuitton, Cartier and Victoria\u2019s Secret.<\/p>\n

The BlackFog report, published on July 16, noted that the retail sector has become a prime target for ransomware groups as these organizations often have complex supply chains, meaning even short-term disruption and financial fallout.<\/p>\n

\u201cThe urgency to restore services often translates into a higher likelihood of ransom payment – an attractive incentive for cybercriminals. Additionally, retail companies handle vast troves of customer data and payment information, making them prime targets from both extortion and data theft perspectives,\u201d the researchers noted.<\/p>\n

Ransomware Attacks Rise 113% Year-Over-Year<\/strong><\/h2>\n

The new report highlighted a 63% increase in disclosed ransomware incidents in Q2 2025 compared to the same period in 2024, with 276 confirmed attacks globally.<\/p>\n

April and May recorded 89 and 91 attacks, respectively, the highest totals observed for those individual months since 2020.<\/p>\n

Data exfiltration, in addition to or instead of data encryption, occurred in 95% of disclosed attacks in the quarter.<\/p>\n

Healthcare was the most targeted industry with 52 attacks (18.8%), followed by government with 45 attacks (16.3%) and services with 33 attacks (12%).<\/p>\n<\/p><\/div>\n

\"Source:
Source: BlackFog<\/figcaption><\/figure>\n
\n

The researchers observed 53 active ransomware groups in Q2. Qilin was responsible for the highest proportion of disclosed attacks with 28, 10% of the total.<\/p>\n

The next most active group was INC Ransom (12 attacks), Interlock (nine attacks), Akira (seven attacks) and Medusa (seven attacks).<\/p>\n

Over a third (35%) of attacks remain unclaimed by ransomware groups.<\/p>\n

Ransomware attacks were observed impacting organizations in 88 countries around the world, including smaller nations such as Tonga, Haiti, Fiji and Barbados.<\/p>\n

Most Ransomware Attacks Not Publicly Reported<\/strong><\/h2>\n

The researchers observed that 1446 ransomware attacks were not publicly disclosed during the period, a 19% increase compared to the same quarter in 2024.<\/p>\n

This meant that for every 100 undisclosed incidents, only about 19 were publicly acknowledged, highlighting a substantial gap in visibility.<\/p>\n

Qilin was the most active group for undisclosed incidents, making up 15% of the total.<\/p>\n

The industry with the highest proportion of undisclosed ransomware incidents was services (23%) followed manufacturing (21%).<\/p>\n<\/p><\/div>\n

\"Source:
Source: BlackFog<\/figcaption><\/figure>\n
\n

On July 8, M&S chairman Archie Norman testified to the UK Parliament that he was aware that a large number of attacks do not get reported in the UK, he claimed to be aware of \u00a0unreported attacks on two large firms in the past four months.<\/p>\n

All recorded ransomware events included in the BlackFog report were based upon data exfiltration from the device endpoint across all major platforms.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Publicly disclosed ransomware attacks targeting the retail sector globally have surged by 58% in Q2 2025 compared to Q1, with UK-based firms bearing the brunt of this targeting, according to new data from BlackFog. The findings follow a spate of high-profile retailers reporting attacks during April-June 2025. This includes the trio of ransomware attacks on<\/p>\n","protected":false},"author":2,"featured_media":1495,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1494-ea9e17d3-96ba-4f5e-a38a-bd536ec12ebe-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=1494"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1494\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/1495"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=1494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=1494"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=1494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}