Ransomware activity stabilizes in November, attackers refine tactics

Global ransomware activity showed signs of plateauing in November, according to a new report from NCC Group PLC. Despite a slight month-over-month decrease in tracked incidents, the overall threat landscape remains elevated and is becoming more complex in execution, with further coverage provided by Silicon Angle.

NCC Group tracked 583 ransomware attacks in November, a 2% decrease from October. The industrials sector was the most targeted, accounting for 25% of attacks, followed by consumer discretionary and information technology. North America remained the primary target region, representing 57% of attacks, with Europe at 20% and Asia at 12%. The Qilin ransomware group led activity for the fourth consecutive month, responsible for 17% of recorded attacks. The report also highlighted a significant surge in the ClickFix/ClearFake attack technique, which uses social engineering to trick users into executing malicious commands by exploiting common user behaviors like CAPTCHA verification. This technique saw a 517% increase in usage in the first half of 2025, indicating a shift towards methods that bypass automated defenses by targeting human psychology.

The stabilization in attack volumes does not signal a reduction in threat, as attackers are rapidly evolving their tools and techniques, and exploiting periods of reduced vigilance, such as the holiday season. Organizations are advised to strengthen fundamental security controls, enhance user awareness training, and ensure robust incident response plans are in place. The increasing reliance on social engineering tactics like ClickFix underscores the need for security strategies that address human vulnerabilities alongside technological defenses, as threat actors continue to innovate faster than traditional security measures.

Source: Silicon Angle