Against the backdrop of rapidly evolving global cybersecurity threats, ransomware attacks have seen a certain degree of stagnation in quantity, but are becoming increasingly sophisticated in quality. A new report shows that while the number of ransomware attacks decreased slightly in November 2025 compared to previous months, the sophistication of attack techniques continues.
According to the "Cyber Threat Intelligence Report" released by NCC Group, a cybersecurity company, 583 ransomware attacks were confirmed globally during this period. This represents a 2% decrease from the previous month. While the number of attacks has slowed, the burden on businesses remains heavy. 57% of all attacks were concentrated in North America, followed by Europe (20%) and Asia (12%). By industry, the industrial sector accounted for a quarter of the targets, suffering the most attacks, followed by the consumer goods and information technology sectors.
In particular, the Qilin ransomware group has been classified as one of the most active groups for four consecutive months. They were responsible for 17% of all cases, a slight decrease compared to October of last year. This is interpreted as a degree of retreat from the group's unusually active period.
A recently highlighted attack technique is social engineering known as "ClickFix" or "ClearFake." This technique exploits users' desire to solve minor technical problems or pass CAPTCHA verifications, tricking them into executing malicious commands. Microsoft warned of the dangers of this technique in August of this year, reporting a 517% surge in its usage during the first half of 2025. This indicates that social engineering attacks targeting human psychology and aiming to circumvent automated security systems are on the rise.
Matt Hull, Global Head of Cyber Threat Intelligence at NCC Group, warned, "While the number of attacks has stabilized somewhat, cybercriminal organizations are sharing attack tools and methods and actively taking advantage of the year-end lull in vigilance. Businesses must not let their guard down." He further emphasized, "Strengthening security capabilities, raising employee security awareness, and proactively reviewing intrusion response procedures are currently the most effective defense strategies."
Ultimately, while the number of attacks may decline, the complexity and impact of the threat are increasing. The report's core message is that to combat increasingly sophisticated ransomware tactics, a human-centric security culture must be promoted in parallel, in addition to technology-centric responses.
