Ransomware review

Ransomware in January 2024—bad news for US healthcare

January 2025 saw some high-profile attacks and no shortage of bad news for the US healthcare sector. The New York Blood Center Enterprises was hit by ransomware in late January, forcing it to take systems offline and reschedule blood donations, and Frederick Health confirmed a ransomware attack that forced the Maryland hospital network to shut down IT systems and cancel some patient appointments.

UnitedHealth Group also confirmed that the ransomware attack in January 2024 that disrupted claims processing at its Change Healthcare unit exposed the personal data of up to 190 million people, making it the largest healthcare data compromise in US history.

Babuk 2, Akira, and Cl0p were the most active groups, with Cl0p continuing its resurgence after over a year of near-dormancy.

Known ransomware attacks by group, January 2025

The USA was the most attacked country in January 2025, while there were noteworthy increases in attacks on India and Brazil.

Known ransomware attacks by country, January 2025

Manufacturing was the most attacked sector in January 2025, outstripping even the technology sector.

Known ransomware attacks by industry, January 2025

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly, and disable or harden remote access like RDP and VPNs.
  • Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

To learn more about ransomware and the gangs that terrorize businesses worldwide, download the 2025 State of Malware report.