New data shows a 41% rise in ransomware attacks globally, with Business Services, Healthcare, and Manufacturing among the hardest hit

Highlights:

• Africa records the highest average number of attacks per org (3,374 per week),
• Nigeria has a record number of attacks at 6101 weekly attacks per organisation (+67% YoY)
• 1,947 cyberattacks/week per org globally (+5% YoY)
• Most targeted sectors in Africa: Telecommunications, Government, Financial Services
• Fastest-growing target: Agriculture (+115% YoY)
• Top ransomware-hit industries: Business Services, Healthcare, Manufacturing
• Top ransomware groups: Qilin, Akira, Play

Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, today released its Global Threat Intelligence Report for July 2025, revealing a sharp escalation in both the scale and sophistication of cyberattacks.

In the last month, Africa has experienced the highest average number of cyber-attacks per organisation, with an average of 3,374 attacks per week, reflecting a 7% increase compared to the same period in 2024 and followed by APAC with 2,809 attacks (an increase of 6% YoY) and Latin America with 2,783 (an increase of 4% YoY).

 In Africa, the top three most targeted sectors were Telecommunications, Government and Financial Services, closely followed by Energy and Utilities.

Figures supplied for countries in Africa show Nigeria as hardest hit with 6101 attacks per organisation per week (+67% YoY), Kenya at 3468 weekly attacks per organisation, Angola at 3731 weekly attacks per organisation, and South Africa at 2113 weekly attacks per organisation.

 "For organisations in Africa, these figures are particularly concerning. While Africa rapidly rolls out digital transformation strategies, its cyber security defenses are lagging. Prevention-first strategies, powered by AI, are the only way to stay ahead," says Lorna Hardie, Regional Director: Africa, Check Point Software Technologies.

In July, organisations faced an average of 1,947 cyberattacks per week, up 5% year-on-year. The Education sector was the most targeted globally, averaging 4,210 weekly attacks per organisation (+24% YoY), followed by Government (2,577) and Healthcare & Medical (2,538). The agriculture sector experienced the steepest rise, with a 115% YoY increase. 

Ransomware incidents surged, with 487 attacks reported in July, a 41% increase year-on-year. North America accounted for 56% of all reported ransomware cases, followed by Europe at 24%.

"July's data shows ransomware is not only here to stay, but is evolving rapidly, with groups like Qilin expanding their reach into high-value targets," said Lotem Finkelstein, Director, Threat Intelligence and Research at Check Point Software Technologies. "These attacks are hitting every corner of the globe and every type of organisation."

Top ransomware groups – July 2025

Ransomware remained one of the most disruptive threats in July 2025, with a few highly active groups responsible for much of the global activity. The three most prominent were Qilin, Akira and Play, each using different techniques but sharing the same goal, maximum impact and financial gain.

• Qilin (Agenda) – Responsible for 17% of all known ransomware incidents in July, Qilin operates as a ransomware-as-a-service (RaaS) platform. Written in Golang, it is known for targeting large enterprises in healthcare and education. Qilin typically gains access via phishing emails with malicious links, then moves laterally to encrypt systems and exfiltrate sensitive data for double-extortion.
• Akira – Accounted for 9% of ransomware cases in July. Active since early 2023, Akira targets both Windows and Linux systems using symmetric encryption (CryptGenRandom() and Chacha 2008). Often spreads via compromised VPN endpoints or malicious email attachments. Appends a ".akira" extension to encrypted files and demands ransom for decryption keys.
• Play (PlayCrypt) – Made up 6% of ransomware incidents in July. First seen in 2022, Play has attacked over 300 organisations worldwide, including critical infrastructure. Gains access through stolen credentials or unpatched vulnerabilities such as in Fortinet SSL VPNs, and uses "living-off-the-land" binaries (LOLBins) for stealthy data theft before encryption.

Top ransomware-hit industries – July 2025

1. Business Services – 10.5%
2. Healthcare & Medical – 9.7%
3. Industrial Manufacturing – 9.4%
4. Construction & Engineering – 9.2%
5. Consumer Goods & Services – 7.2%
6. Financial Services – 6.2%
7. Education – 4.7%
8. Energy & Utilities – 4.1%
9. Hospitality, Travel & Recreation – 4.1%
10. Information Technology – 3.9%
11. Real Estate Rentals & Leasing – 3.7%
12. Government – 3.5%
13. Transportation & Logistics – 3.3%
14. Automotive – 3.1%
15. Associations & Non-Profits – 2.7%
16. Agriculture – 2.5%
17. Wholesale & Distribution – 2.3%
18. Telecommunications – 2.1%
19. Hardware & Semiconductors – 1.2%
20. Media & Entertainment – 1.2%
21. Aerospace & Defence – 0.8%
22. Biotech & Pharmaceuticals – 0.6%
23. Software – 0.6%

"The July 2025 threat landscape underscores a clear reality, no industry, region or organisation is immune. As ransomware groups diversify their tactics and target new verticals, the risk to businesses of all sizes continues to grow," says Hardie.

"Prevention-first, AI-powered security strategies remain the most effective way to stop these attacks before they cause damage," she adds.

Check Point Research will continue to track these trends and provide actionable intelligence to help organisations stay ahead of emerging threats.  For the full July 2025 Global Threat Index and additional insights, visit the Check Point Blog. 

 Follow Check Point via:  

LinkedIn: https://www.linkedin.com/company/check-point-software-technologies?? 

X:?https://www.twitter.com/checkpointsw? 

Facebook:?https://www.facebook.com/checkpointsoftware? 

Blog: https://blog.checkpoint.com?? 

YouTube:?https://www.youtube.com/user/CPGlobal? 

 About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyses global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs. 

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading protector of digital trust, utilising AI-powered cyber security solutions to safeguard over 100,000 organisations globally. Through its Infinity Platform and an open garden ecosystem, Check Point's prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.

Legal Notice Regarding Forward-Looking Statements

This press release contains forward-looking statements. Forward-looking statements?generally relate to future events or our future financial or operating performance.?Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point's industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialise, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2024. The forward-looking statements in this press release are?based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.