Qilin ransomware emerged as the most active ransomware group in 2025, with 701 claimed attacks and 116 TB of data stolen. Operating under a ransomware-as-a-service (RaaS) model, Qilin has seen a surge in activity following the shutdown of RansomHub.

A newly emerged ransomware group, Genesis, has claimed responsibility for nine data breaches across U.S.-based organizations, including healthcare, legal, financial, manufacturing, and retail sectors.

Grand Traverse County, Michigan has disclosed a data breach that compromised the personal information of 782 individuals, including names and SSNs. The breach was discovered following unauthorized activity within the county’s network environment.

Kearney Public Schools in Nebraska experienced a ransomware attack attributed to the Interlock gang, which claims to have stolen 354 GB of sensitive data, including personal, financial, and third-party information.

Strategic Retail Partners (SRP), a major North American merchandise distributor, experienced a ransomware attack in February 2025, with the Medusa gang claiming responsibility. The breach exposed sensitive personal data.

The Institute of Culinary Education (ICE) has disclosed a ransomware attack affecting 33,342 individuals. The ransomware group Payouts King claimed responsibility, stating it exfiltrated 1.5 TB of data.

The Qilin ransomware group has claimed responsibility for a cyberattack on Mecklenburg County Public Schools (MCPS) in Virginia, which occurred in September 2025. The group alleges it exfiltrated 305 GB of sensitive data.

The Fort Wayne Medical Education Program (FWMEP), a medical residency program in Indiana, has disclosed a ransomware attack that compromised the personal data of 29,485 individuals, including employees and their dependents.

Union County, Ohio has disclosed a ransomware attack that compromised the personal data of 45,487 individuals. The breach exposed sensitive information including Social Security numbers, payment card and financial account details, and more.

Madison Elementary School District 38 (MESD) in Phoenix, Arizona, has notified 35,000 individuals of a data breach following a ransomware attack attributed to the Interlock group in April 2025.