Cyberattack Volume Increases Fueled by 48% YOY Increase in Ransomware Attacks
Cyber threat actors had a busy October, with attack volume up 2% month-over-month and 5% year-over-year. In October, organizations experienced an average of 1,938 cyberattacks per week, according to the latest data from cybersecurity firm Check Point.
While attacks are up across all sectors, there was a 15% year-over-year fall in attacks on the health and medical sector, with 2,094 reported attacks in October. The biggest increases were seen in the agriculture (+71%) and information technology sectors (+48%). Education was the most targeted sector with 4,470 attacks, up 5% from October 2024. Latin America experienced the highest number of attacks, with attacks up 16% from October 2024, but the biggest increase was seen in North America, with an average of 1,464 attacks per week, up 18% from October 2024.
Check Point reports that the rise in attacks was fueled by the growing sophistication of ransomware, with attacks dramatically increasing in October. Check Point tracked 801 reported attacks in October, which is a 48% increase compared to September. While Latin America experiences more attacks than any other region, North America was the main target of ransomware groups, accounting for 62% of incidents, ahead of Europe with 19% of attack volume. In October, 57% of reported victims were in the United States, and there was a 56.8% increase in attacks compared to September.
Qilin was the most active ransomware group, accounting for 22.7% of attacks in October. The group has evolved into a sophisticated ransomware-as-a-service organization, attracting new affiliates due to its extensive affiliate support. Akira took second spot with 8.7% of attacks, and the recently emerged Sinobi ransomware group took third spot with 7.8% of attacks.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While all three groups attack healthcare organizations, the healthcare sector appears to be a key focus of the Sinobi group. Sinobi is a ransomware-as-a-service group with a professional structure, highly skilled internal operators, and a team of carefully vetted affiliates. Sinobi primarily targets mid- to large-sized organizations, primarily in the United States and allied countries.
Sinobi claims on its dark web data leak site to have attacked East Jefferson General Hospital, Greater Mental Health of New York, Johnson Regional Medical Center, Judson Center, Middlesex Endodontics, Newmark Healthcare Services, Phoenix Village Dental, Queens Counseling for Change, South Atlanta Medical Clinic, and Watsonville Community Hospital since the group emerged in mid-2025.
Check Point also cautioned about the expanding risks associated with generative AI (GenAI) as enterprise use of GenAI tools continues to grow. One of the biggest threats is the exposure of sensitive data. Check Point reports that in October, 1 out of every 44 GenAI prompts submitted through business networks posed a high risk of sensitive data leakage, something that is especially concerning in healthcare due to the risk of exposure of protected health information.
Check Point reports that 87% of organizations that use GenAI tools regularly experience this type of sensitive data exposure, and many organizations are unaware of the risk. While workers use authorized and managed GenAI tools, on average, 11 different GenAI tools are used by organizations each month, most of which are likely to be unsupervised.
“As ransomware groups evolve and GenAI risks proliferate, organizations must strengthen their threat prevention, data security, and AI governance strategies to stay ahead of adversaries,” suggests Check Point.
