Cyber threat groups collaborate while attack levels stagnate
Wednesday, September 17, 2025 — 18:11:26 (UTC)
Manchester, U.K., Sept. 17, 2025
· Global ransomware volume decreased by 13% in August, with 328 attacks – the fifth consecutive month where attacks remained below 500 per month
· Qilin was responsible for 16% (53) of all attacks, making it the most active threat group in August
· Industrials remained the most targeted sector, experiencing 37% of all attacks, compared to 27% in July
· 81% of global attacks took place in North America and Europe
· Scattered Spider’s connections to Ransomware-as-a-Service groups highlight how dynamics in the threat landscape are evolving for more effective attacks
For five consecutive months, ransomware attacks have remained below 500, according to a new report out today from NCC Group. There were 328 attacks in August, marking a 13% decline from July.
Compared to the spike of activity in February and March - when Cl0p bulk released its victims - recent ransomware levels appear quiet. But average attack volume from April to August largely reflects the same period in 2024, still posing a significant threat.
Industrials, North America and Europe take big hits
Industrials remains the most targeted sector with 121 attacks, jumping 10% from July, to 37% in August. Consumer Discretionary (which includes automotive manufacturers, retail businesses, and leisure facilities) followed with 66 attacks, while Information Technology (IT) trailed in third with 31 attacks. The attack on Miljödata, the IT provider for 80% of Sweden’s municipalities, had a significant impact, crippling HR systems across 200 local governments.
North America and Europe accounted for over three quarters of all global attacks, amounting to 81%. Asia experienced 9% of attacks, and South America was targeted with 4% of attacks.
Qilin takes another leap forward
Qilin led the pack in August, taking responsibility for 16% of attacks (53). This comes after the threat group fell to joint second most active in July, following its rise in June. Safepay and Akira remain high on the leaderboard, with 26 and 43 attacks respectively.
Domination in collaboration: Scattered Spider and RaaS operators join forces
Scattered Spider uses Ransomware-as-a-Service (RaaS) operators to deliver technical output in ransomware attacks, leaving it to focus on its speciality – sophisticated social engineering techniques. It’s possible that Scattered Spider chooses RaaS operators based on financial incentives, with groups such as ALPHV, RansomHub, DragonForce, and Qilin offering at least 80% commission to affiliates.
By combining skillsets with RaaS groups, Scattered Spider can produce more sophisticated outputs, causing wider disruption to its victims. Partnerships can also sustain ransomware activity during law enforcement operations. If one operator goes down, another can migrate between platforms to continue attacks. Law enforcement must adapt to this dynamic of collaboration, to take down cyber criminals.
Cyber developments from tariff tension
Escalating geopolitical tensions are partly the result of a growing relationship between India, China, and Russia. US tariffs on Indian imports, which took effect in August, are expected to damage Indian businesses and have triggered a boycott of US products, potentially reversing three decades of relationship building between the US and India. In similar times of political volatility, we often see threat groups leverage weak global relations.
Matt Hull, head of Threat Intelligence at NCC Group, said: “There’s more than meets the eye to attack levels plateauing in recent months. Spikes earlier in the year have dwarfed today’s numbers, but the volume is far from low. Despite how the graphs look at first glance, criminal partnerships signify why cyber resilience must be a first port of call for businesses and governments.
“Scattered Spider is accumulating headlines from its attacks and signature, sophisticated social engineering techniques. But its collaboration with Ransomware-as-a-Service (RaaS) operators is key in its disruption of global giants. The ransomware landscape operates in a ruthless, business-like structure, which needs to be considered when defenses are being implemented.”
Source: Company press release.