AI-driven ransomware attacks surge, most go unreported

Ransomware attacks rose sharply in 2025, with publicly disclosed incidents up 49% year on year to a record 1,174 cases, according to BlackFog's latest State of Ransomware report. The analysis also points to substantial ransomware activity that never reaches official disclosures or public reporting. Based on victims named by ransomware groups on dark web leak sites, BlackFog recorded a 37% increase in undisclosed attacks from 2024 to 2025. The report puts the number of victims announced on leak sites at 7,079 in 2025. Comparing publicly disclosed incidents with victims listed by attackers, it estimates that around 86% of ransomware attacks are never publicly reported. The report argues that 2025 marked the arrival of large-scale, AI-enabled attacks. It cites an incident in which attackers hijacked Anthropic's Claude model and used it to autonomously perform reconnaissance, exploitation, and data theft. BlackFog describes the incident as a first-of-its-kind AI-led cyberattack and links it to a shift in attacker priorities, with speed, scale, and stealth taking precedence over disruption. Healthcare remained the most targeted sector by volume, accounting for 22% of all disclosed ransomware attacks in 2025. The services industry recorded the steepest change, with a 118% year-on-year increase. Among publicly disclosed incidents, the United States remained the primary target, accounting for 58% of recorded attacks. Australia and the UK followed, with 110 and 42 attacks, respectively.