Comparitech reports ransomware surges 25% in October, hitting manufacturers, healthcare, transportation
New data from Comparitech shows ransomware attacks jumped 25% in October, climbing from 546 in September to 684. This marks a significant increase in attacks and the third-highest monthly total this year. Manufacturers remained the most targeted sector, accounting for nearly 19% of reported incidents (121), though attacks in this sector rose by a more modest 9% month over month.
The most active ransomware groups during the month were Qilin with 186 attacks, followed by Akira and Sinobi with 70 each, INC with 32, Play with 26, and DragonForce with 20. Qilin also led in confirmed attacks with 10, followed by Clop with four and RansomHouse with three. In cases where hackers disclosed data theft details, totaling 315 incidents, more than 162 terabytes of data were reportedly stolen, roughly an average of 516 gigabytes per breach.
Last week, Cisco Talos published data identifying that in the second half of 2025, the ransomware group Qilin continued publishing victim information on its leak site at a rate exceeding 40 cases per month, making it one of the most active and disruptive operations globally. The manufacturing sector remains the most targeted, followed by professional and scientific services and wholesale trade. While attribution remains uncertain, some of the attackers’ scripts contained character encodings suggesting links to Eastern Europe or a Russian-speaking region, though this may represent a false flag.