Cyber Threats November 2025
2025-12-16 04:49:19

Check Point Research Reveals Major Cyber Threats for November 2025

Overview of Cyber Threats in November 2025



In November 2025, Check Point Research (CPR), renowned for its cyber threat intelligence, released an insightful report detailing global cyber threats. Its findings indicate a concerning upward trend in cyberattacks, with organizations experiencing an average of 2,003 attacks per week. This represents a 3% increase from October and a 4% increase compared to November 2024. The primary factors behind this surge are heightened ransomware activity, a widening range of targeted sectors, and increased risks of data breaches linked to generative AI tools used by businesses.

Industry Impact



The education and research sector remains the most targeted industry, suffering an alarming average of 4,656 attacks per organization weekly, reflecting a 7% increase from the previous year. Following this, government and military targets recorded an average of 2,716 attacks, marking a 2% rise, while non-profit organizations faced a dramatic increase of 57%, averaging 2,550 attacks per week. This surge in attacks on non-profits signifies a trend where attackers are focusing on sectors with limited security measures that also handle valuable data and provide publicly accessible digital services.

Regional Attack Trends



Regionally, Latin America is experiencing the highest rate of cyber incidents, with an average of 3,048 attacks per week (a 17% increase year-over-year). The Asia-Pacific region follows closely with 2,978 attacks (a slight decrease of 0.1%), while Africa recorded 2,696 attacks (a 13% decrease). Europe, while slightly declining by 1%, remains a key area of focus, whereas North America saw a notable 9% increase, underlining its significance as a prime target for sophisticated, financially motivated threat groups. Over the year, the disparity in attack frequency among regions has narrowed, showcasing a troubling convergence in global cyber threat landscapes.

Security Risks Associated with Generative AI



The rise of generative AI tools within enterprises has escalated the risk of data leaks, with CPR's investigation revealing that 1 in 35 prompts to generative AI carries a high risk of sensitive data exposure. This alarming risk affects 87% of organizations that regularly use these tools, illustrating the extent to which AI has permeated daily operations. Moreover, about 22% of prompts contained potentially sensitive information such as internal communications, corporate data, confidential code, and personal data. Many AI tools are currently used without adequate oversight, leading to a heightened risk of accidental data leaks and increasing exposure to ransomware and AI-driven cyberattacks.

Ransomware Victim Reports



In November 2025, a total of 727 ransomware cases were reported, reflecting a significant 22% increase from the previous year. North America remains the epicenter of ransomware activity, accounting for 55% of reported incidents, with Europe following at 18%. The United States alone constitutes 52% of the ransomware victims, followed by the United Kingdom (4%) and Canada (3%). The data is drawn from information provided by leak sites operated by double-extortion ransomware groups, which, despite inherent biases, furnish crucial insights into the current state of ransomware activities.

Sector-Specific Ransomware Impact



Among industries, manufacturing has suffered notably, representing 12% of the reported ransomware impacts. Attackers are exploiting operational dependencies and vulnerabilities of legacy systems. Business services and consumer goods/services follow, with 11% and 10% respectively, underscoring the ongoing targeting of sectors that harbor high-value data and exhibit low resilience to operational disruptions.

Active Ransomware Groups



Qilin has again emerged as the most active ransomware group in November, following a significant attack on the Asahi Group HD in September. It accounts for 15% of reported attacks, with Clop following closely at 15% and Akira at 12%. Qilin, an established Ransomware-as-a-Service (RaaS) group, is known for its continuous data leak site operations since rebranding from its original name,

