He ransomware It is one of those attacks that no one wants to suffer. Companies fear it because, if they do not manage to contain it in time, they can be paralyzed for days, weeks or even months, with million-dollar losses as a consequence. It is not foreign to private users either: we will not always be willing, nor able, to pay a ransom, which in many cases means losing our files. However, this threat continues to advance, gaining presence in our environment and forcing us to remain more alert than ever.
Spain, among the most affected countries. The team of Thales Cyber Threat Intelligenceone of the largest European defense and cybersecurity groups, places Spain as one of the most attractive targets for actors operating with ransomware. According to their report shared via email, the country recorded 164 attacks in 2025, with 79 in the first half of the year and 85 in the second. The most relevant data comes when putting these figures in context: Spain ranked sixth in the world in the number of attacks during the second half of the year.
A trend that points upward. Thales experts also point out that ransomware attacks in Spain grew by 7.6%, an increase that is part of a general increase in cyber activity. Behind them are factors such as geopolitical tensions, the evolution of ransomware tools, the increasingly rapid exploitation of vulnerabilities and the interconnection of threats between critical sectors. All of this creates a scenario with more mature, organized and difficult to contain actors.
The global context changes the scale. Although the situation in Spain invites vigilance, the panorama is transformed when it is expanded to an international level. The United States was the most affected country in the second half of 2025, with 3,946 attacks. They were followed by Canada, with 411, and Germany, with 296. The weight of the United States is especially striking: it accounted for 51.23% of the attacks recorded in that period, which shows a very unequal distribution of this criminal activity.
A particularly exposed sector. On a global scale, and always according to Thales, the financial sector continues to be among the main objectives. Banks, payment institutions and fintech companies face not only ransomware campaigns, but also persistent threats from advanced cybercriminals, state-sponsored actors and hacktivist groups. In 2025, this sector accumulated 533 ransomware attacks, the highest number among the industries analyzed.
The report also identifies the most active groups. Qilin led the activity with 60 attacks, followed by Akirawith 29, and Inc Ransom, with 17. To them were added two operations that emerged in the second half of the year, The Gentlemen, with 13 attacks, and Sinobi, with 10, which managed to place themselves among the five most active groups against the financial sector.
Consequences that go beyond the numbers. When a ransomware attack manages to overcome an organization’s defenses, the impact stops being statistical and becomes tangible. At the international level, Jaguar Land Rover was forced to paralyze its factories for more than a month after an incident of this type. In Spain, several town councils have also suffered similar attacks, with service interruptions and operational problems that show to what extent these threats have ceased to be a theoretical risk and have become a very real challenge.
Images | Xataka with Gemini | Thales
In Xataka | How often should we change ALL our passwords according to three cybersecurity experts
GIPHY App Key not set. Please check settings