The threat of ransomware has become a primary cause of worry, threatening organizations of their data, operations, and gravely impacting their reputation.

 In 2025, ransomware has threatened industries, with ransomware attacks severely impacting healthcare, manufacturing, financial, technological, and educational sectors. In 2026, cybercriminals will leverage AI and ML to amplify their terror through undetectable tactics and improved performance. Businesses will have to proactively secure their most precious information assets and take measures for early detection and response to threats.

Let us explore some of the most prominent ransomware attacks throughout 2024-2025, but first, let us look at some facts that reflect the negative impact of ransomware on businesses

Some ransomware facts (2025)

• The highest ransom paid was paid to the Devils angels ransomware group amounting to $75 million!
• Ransomware was part of 44% of all investigated data breaches
• There was a 58% increase in ransomware attacks in 2025
• 32% of ransomware attacks were orchestrated through exploitation of vulnerabilities.

(source – Verizon DBIR 2025, SOCRadar, Guidepoint). 

(Source – SocRadar, Check Point Research, Ransomwarelive) 

1. Salesforce Ransomware Attack

About the victim

Salesforce is a California-based software company that offers customer service, sales, marketing automation, and applications. It was founded in 1999 and was the 61st largest company in the world by market capitalization.

What happened?

Salesforce was targeted by a ransomware attack that was orchestrated by Shiny Hunters and Scattered Spider.

When did it happen?

June 30th, 2025

What did it cost?

The Salesforce data breach compromised more than 1 billion records and impacted more than 200 organizations globally.

2. Community Health Center Ransomware Attack

About the victim

Community Health Center is a preventive healthcare services provider based in Connecticut known for its range of services that include behavioural, dental, and medical services.

What happened?

The healthcare services provider detected unauthorized access in their systems in January 2025. It quickly deployed its incident response actions and notified the affected parties.

When did it happen?

January 2025

What did it cost?

The Community Health Center data breach compromised the data of more than 1 million patients, including their guardians and parents.

3. Grubhub Ransomware Attack

About the victim

Grubhub is a Chicago-based food delivery service provider with more than 19.9 million users. It delivers services in 3200 cities in the United States.

What happened?

Grubhub discovered unauthorized access to its systems. The Shiny Hunters ransomware group claimed responsibility for the ransomware attack.

When did it happen?

3rd February 2025

What did it cost?

The attack compromised sensitive information of Grubhub’s users, drivers, campus diners, and merchants, including their names, phone numbers, addresses, and email addresses.

4. Qantas airlines ransomware attack

About the victim

Quantas is one of the largest domestic and international airline companies in Australia, serving customers across the region and operating flights to all seven continents.  

What happened?

Qantas became a victim of a ransomware attack orchestrated by the Scattered Lapsus$ ransomware group, which stole and encrypted its information.

When did it happen?

30th June 2025

What did it cost?

The ransomware attack compromised the personal information of approximately six million customers, including their birthdates, names, addresses, and frequent flyer numbers.

5. DBS and Bank of China Singapore hit by cyberattack

About the victim

DBS is a Singapore-based company that offers banking and finance-related services for wealth management and insurance. The Bank of China, Singapore, offers a range of services, including investment and corporate & personal banking.

What happened?

Toppan Next Tech (TNT), a printing vendor for DBS and Bank of China, Singapore, became a victim of a ransomware attack. The attack was carried out by the Akira ransomware group.

When did it happen?

1st April 2025

What did it cost?

The attack compromised the information of the DBS and Bank of China customers, including the names, addresses, banking information, and loan-related details.

6. Collins aerospace ransomware attack

About the victim

Collins Aerospace is a company that specializes in aviation and defense technology offering designing manufacturing service systems for all the commercial, aviation, military, and defense sectors.

What happened?

Collins Aerospace detected unauthorized access to its systems that disrupted operations in several European airports including Berlin, Heathrow and Brussels.

When did it happen?

18 September

What did it cost?

The cyber attack caused a significant disruption in flight operation across Europe causing longer wait time for passengers and delays in customer check-in, backage drop and other operations.

7. Powerschool ransomware attack

About the victim

PowerSchool is a popular software provider to the education sector in more than 90 countries. Over 18000 schools in the United States use PowerSchool for attendance, student information management, and parent related correspondence.

What happened?

PowerSchool’s customer support portal was initially breached using credentials that were previously compromised which allowed hackers to gain access to Student Information System that comprised of all the student and staff related data.

When did it happen?

Dec 28, 2024 (discovered) Jan 7, 2025 (notified)

What did it cost?

Data of over 45 million students and parents was compromised impacting more than thousand schools in the United States. The data compromised includes names, addresses, birth dates, social security numbers, medical information and academic records.

8. UK NHA ransomware attack

About the victim

The NHS is the single largest healthcare services provider in the UK, comprising NHS Scotland, Health and Social Care, and the National Health Service.

What happened?

Synnovis, a pathology testing organization linked to the NHS UK, was targeted by a ransomware attack that compromised its systems.

When did it happen?

3 June 2025

What did it cost?

The ransomware attack compromised 400 GB of personal information, including names, blood test-related information, and NHS information. It also caused a massive disruption across 3000 hospitals.

9. Oracle E-Business Suite ransomware attack

About the victim

Oracle is a global software solutions provider known for its Enterprise Resource Planning solutions and computing software.

What happened?

The Cl0p ransomware group exploited a zero-day vulnerability in Oracle’s E-Business Suite to gain unauthenticated access to sensitive data.

When did it happen?

September 2025

What did it cost?

Around 30 companies have publicly disclosed that they have been affected, and over 100 companies have been exposed by the attack.

10. The Jaguar land rover cyber attack

About the victim

Jaguar Land Rover is a manufacturer of luxury sport utility vehicles based in the UK. It is a Tata Motors subsidiary and one of the biggest employers in the UK, with a team size of over 33000 employees.

What happened?

JLR became a victim of a ransomware attack that was orchestrated by the Shiny Hunters ransomware group, which disrupted its operations and stole its data. 

When did it happen?

3rd September 2025

What did it cost?

The cyber attack is one of the biggest cyber attacks in the history of the UK, costing the economy an estimated loss of over $2.5 billion. It halted production in its major plants and impacted over 5000 suppliers, resulting in a revenue loss of $735 million.