Check Point Research reveals July’s top cyber-threats

Check Point Research has released its Global Threat Intelligence Report for July 2025, revealing a rise in the scale and sophistication of cyber-attacks.

July cyber-attacks

According to the research, in July, organisations faced an average of 1,947 cyber-attacks per week, up 5% year-on-year.

The Education sector was the most targeted globally, averaging 4,210 weekly attacks per organisation (+24% YoY), followed by Government (2,577) and Healthcare & Medical (2,538). The agriculture sector experienced the steepest rise, with a 115% YoY increase.

The research shows that Africa recorded the highest average number of attacks per organisation (3,374 per week), followed by APAC (2,809) and Latin America (2,783). North America saw the largest percentage increase in attacks at +9% YoY.

Ransomware incidents surged, with 487 attacks reported in July, a 41% increase year-on-year.

North America accounted for 56% of all reported ransomware cases, followed by Europe at 24%.

“The only way to stay ahead”

Lotem Finkelstein, Director, Threat Intelligence and Research at Check Point Software Technologies commented: “July’s data shows ransomware is not only here to stay, but is evolving rapidly with groups like Qilin expanding their reach into high-value targets.

“These attacks are hitting every corner of the globe and every type of organisation.

“Prevention-first strategies, powered by AI, are the only way to stay ahead,” Finkelstein concluded.

Top ransomware groups

Check Point Research says that ransomware groups remained one of the most disruptive threats in July 2025.

The company expresses that there was a few highly active groups responsible for much of the global activity, with the three most prominent being Qilin, Akira and Play.

All three of the above are using different techniques but they are also sharing the same goal, maximum impact and financial gain.

Qilin (Agenda)

• Responsible for 17% of all known ransomware incidents in July, Qilin operates as a ransomware-as-a-service (RaaS) platform
• Written in Golang, it is known for targeting large enterprises in healthcare and education. Qilin typically gains access via phishing emails with malicious links, then moves laterally to encrypt systems and exfiltrate sensitive data for double-extortion

Akira

• Accounted for 9% of ransomware cases in July. Active since early 2023, Akira targets both Windows and Linux systems using symmetric encryption (CryptGenRandom) and Chacha 2008)
• Often spreads via compromised VPN endpoints or malicious email attachments. Appends a “.akira” extension to encrypted files and demands ransom for decryption keys

Play (PlayCrypt)

• Made up 6% of ransomware incidents in July. First seen in 2022, Play has attacked over 300 organisations worldwide, including critical infrastructure
• Gains access through stolen credentials or unpatched vulnerabilities, such as in Fortinet SSL VPNs and uses “living-off-the-land” binaries (LOLBins) for stealthy data theft before encryption

Top ransomware-hit industries – July 2025

According to the research conducted by Check Point, the top ransomware-his industries was:

1. Business Services – 10.5%
2. Healthcare & Medical – 9.7%
3. Industrial Manufacturing – 9.4%
4. Construction & Engineering – 9.2%
5. Consumer Goods & Services – 7.2%
6. Financial Services – 6.2%
7. Education – 4.7%
8. Energy & Utilities – 4.1%
9. Hospitality, Travel & Recreation – 4.1%
10. Information Technology – 3.9%
11. Real Estate Rentals & Leasing – 3.7%
12. Government – 3.5%
13. Transportation & Logistics – 3.3%
14. Automotive – 3.1%
15. Associations & Non-Profits – 2.7%
16. Agriculture – 2.5%
17. Wholesale & Distribution – 2.3%
18. Telecommunications – 2.1%
19. Hardware & Semiconductors – 1.2%
20. Media & Entertainment – 1.2%
21. Aerospace & Defence – 0.8%
22. Biotech & Pharmaceuticals – 0.6%
23. Software – 0.6%

Risk and prevention

The company reports that the July 2025 threat landscape underscores a clear reality: no industry, region, or organisation is immune.

As ransomware groups diversify their tactics and target new verticals, the risk to businesses of all sizes continues to grow.

Prevention-first, AI-powered security strategies remain the most effective way to stop these attacks before they cause damage.

Check Point Research will continue to track these trends and provide actionable intelligence to help organisations stay ahead of emerging threats.