Global trackers recorded a clear drop in ransomware during April 2025. NCC Group counted 416 incidents, 31% fewer than the month before, in its Monthly Threat Pulse. Comparitech logged 479 attacks, a drop from the 973 seen in February.
Rebecca Moody, Head of Data Research at Comparitech, connected the quieter month to the sudden silence of RansomHub after 31 March. Fewer leak-site posts translated into fewer public claims.
NCC Group still placed the greatest share of activity in North America at 211 incidents, while Europe registered 110. Matt Hull, Head of Threat Intelligence at NCC Group, said, “While the number of reported ransomware victims declined further in April, it would be a mistake to assume that this is a sign that the threat is fading.”
What Did UK Retailers Recently Experience?
April proved rough for some of the UK’s famous stores. The National Cyber Security Centre confirmed help for affected businesses. NCSC Chief Executive Dr Richard Horne said, “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.”
Retail tills cannot stand still for long. NCC Group acknowledges that every minute offline hits turnover and puts customer data at risk. The value of payment records and loyalty files turns grocery chains and luxury brands alike into prized targets.
Scattered Spider added public pressure through leak portals, from advertising stolen files to taunting victims. The tactic raises ransom stakes and markets the gang’s skills to new recruits.
NCSC advisors circulated guidance to the retail community, stressing secure backups, multi-factor sign-in, and rehearsed recovery drills.
What Are The New Ways Encryption Malware Threatens?
NCC Group mentioned weaponised PDF files. Attackers pack code or persuasive text into routine documents, luring staff to open an attachment that grants an initial foothold. Remote and hybrid work blurs home and office hardware, giving tainted files more routes to corporate networks.
Comparitech’s log shows ransom demands growing larger even as volumes ease. Rhysida demanded $2.7 million from Oregon’s Department of Environmental Quality, while hackers pressed the Virgin Islands Lottery for $1 million. Big figures promise fast paydays even when attack counts die down.
April also brought 9 confirmed hits on government bodies and 6 on hospitals or clinics. Medical records fetch high sums on dark web forums, and councils handle personal details that cannot be replaced, so both sectors draw steady harassment.
How Will AI Threaten The Cyber World?
A new NCSC paper launched at the CYBERUK conference describes AI as a force that will “almost certainly” shorten the time between a weakness going public and crooks seizing it. Paul Chichester, Director of Operations at the centre, warned, “We know AI is transforming the cyber threat landscape, expanding attack surfaces, increasing the volume of threats, and accelerating malicious capabilities.”
The study foresees well-funded organisations using advanced models and zero-day research to strike even faster. At the same time, lower-tier crews can rent AI-powered kits, cutting entry barriers further.
AI also helps defence, scanning code and network traffic at machine speed. The report, though, foresees a divide between organisations that keep tooling current and those that fall behind, raising overall danger for the United Kingdom.
Rapid rollouts of chatbots and recommendation engines can backfire if security checks lag. The paper lists hazard vectors such as prompt injection, poor configuration and careless data storage.
Government guidance now urges boards to weigh AI projects against strict security baselines, treating model access and training data with the same care given to payment systems.
How Can Organisations Stay Prepared?
NCC Group advises boards to weave basic cyber hygiene through every team. Regular patch schedules, strong identity checks, and tested restore plans cut downtime and rob extortion crews of leverage. Hull said that a “strong and embedded security culture is no longer optional”.
The NCSC urges companies to refer to its Cyber Assessment Framework and 10-step advice pages. Staff vigilance is still important: because weaponised PDFs rely on curiosity, regular drills and clear reporting channels lower risk.
Dr Horne urged leaders to act before the next wave builds because customer trust depends on it. April’s lower headline numbers buy time, nothing more.
Security teams that log breaches honestly, share threat data, and invest in prompt recovery stand a far better chance of keeping cash registers ringing and hospital wards running when the next encryption crew comes knocking.