Ransomware campaigns against government institutions have surged dramatically in 2025, marking the 36th year since the first ransomware attack was recorded.
According to new data from Trustwave, A LevelBlue Company, nearly 200 public sector entities worldwide have fallen victim so far this year, an alarming indicator of an escalating cyber crisis affecting critical infrastructure, digital governance, and public trust.
Public Sector Under Targeted Siege
Trustwave SpiderLabs researchers report that ransomware actors such as Babuk2, Qilin, INC Ransom, FunkSec, and Medusa have dominated the public-sector threat landscape in 2025.
Babuk2 leads with 43 confirmed victims, followed by Qilin with 21. These groups frequently deploy double-extortion tactics, encrypting mission-critical files while exfiltrating sensitive data to pressure agencies into payment.
Supporting threat groups like Rhysida, SafePay, and DragonForce further contribute to this rapidly diversifying and decentralized ransomware ecosystem.
The United States remains the most targeted nation, recording 69 confirmed attacks against government organizations this year, followed by Canada, the UK, France, and emerging economies like India, Pakistan, and Indonesia.
The trend underscores global vulnerability: although advanced nations suffer from scale and data value, emerging economies face challenges linked to rapid digitalization and underfunded cybersecurity capabilities.
Surge in Government Ransom Demands
Comparitech’s first-half 2025 data shows an overall 47% increase in ransomware incidents compared to 2024, with attacks on government entities rising by an even steeper 60%.
Ransom demands targeting the public sector have averaged a striking $6.7 million per incident, the highest across all industries.
More than 17 million data records were compromised in these attacks during the first six months of 2025, compounding operational downtime costs that had already totaled $1.09 billion between 2018 and 2024.
Researchers attribute the acceleration to the proliferation of ransomware-as-a-service (RaaS) platforms that lower the entry barrier for cybercriminals.
Public services such as law enforcement portals, court systems, and emergency management platforms are being hit with increasing frequency, often forcing outages that disrupt daily life and erode citizen trust in digital government systems.
To counter the onslaught, Trustwave recommends a multipronged defense strategy, maintaining asset inventories, promptly patching critical vulnerabilities, performing ransomware readiness assessments aligned with the NIST CSF, and enforcing least-privilege access.
Agencies are also urged to adopt immutable backups and partner with Managed Detection and Response (MDR) providers to improve threat visibility and response across hybrid environments. Ransomware remains the foremost cyber threat facing governments in 2025.
Without substantial investment in coordinated defense, policy-level deterrence, and cross-border intelligence sharing, public institutions risk continued paralysis at the hands of increasingly organized and well-funded ransomware cartels.
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
