Ransomware now strikes one in 40 organisations per week, Check Point finds
VARs, systems integrators, and distributors saw a 143% year-on-year increase in attacks during Q2


Ransomware attacks now impact one in 40 organisations every week, the latest data from Check Point Research (CPR) has found.
Incidents have risen 59% year-on-year from one in 64 organisations being affected in Q2 2021, due to a combination of higher geopolitical tensions, an increase in remote working, as well as a willingness of organisations to pay the cost of the ransom, CPR said.
RELATED RESOURCE
Across the wider landscape, the second quarter of 2022 saw cyber-attacks hit an all-time high, increasing by 32% when compared to Q2 2021.
“Ransomware attacks are showing no signs of slowing down,” commented Omer Dembinsky, Data Group Manager at Check Point Software.
“Hackers are leveraging the increase in attack surface from remote work and learning, and the war between Ukraine and Russia also helps drive the proliferating trend, as geopolitical tensions rising inspires hackers to take sides.”
Distributors targeted
In terms of industry, the data paints a concerning picture for VARs, systems integrators, and distributors. During Q2, the sector saw a 143% increase in ransomware attacks when compared with the same period of last year – equating to one in 47 organisations affected per week.
That hike was only topped by the Retail and Wholesale sector’s jump of 182%, while Government and Military saw the third highest increase at 135%.
ChannelPro Newsletter
Stay up to date with the latest Channel industry news and analysis with our twice-weekly newsletter
The Education and Research sector was found to be the most attacked industry worldwide, taking an average of 2,300 attacks per organisation every week (up 53%). Government and Military came in second, with 1,620 attacks (+44%), followed by ISPs and MSPs which racked up 1,397 (+29%).
Elsewhere, the healthcare sector saw a huge 60% hike to 1,342 attacks per organisation every week, CPR found.
“The willingness of organisations to meet ransomware demands to protect patients has proved the business of ransomware to be highly lucrative. Hence, we see that hackers are continuing to invest resources in going after healthcare organisations,” Dembinsky continued.
By region, Africa was the most attacked during Q2, peaking at 1,758 weekly attacks per organisations (up 3%), followed by Asia’s 1,684 (+25%), and Latin America’s 1,602 (+29%).
Prevention
Check Point reiterated that ransomware attacks are often the result of poor employee training and bad habits. The firm underlined preventative measures such as regularly backing up data, having a proactive strategy, employing content scanning and filtering, as well as keeping systems up to date.
“We strongly recommend organisations everywhere to take note of our ransomware prevention tips, such as backing up data, keeping systems up to date, and training employees on awareness,” Dembinsky added.
Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.
A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.
He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
By Nicole Kobie
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
By Ross Kelly
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
By Emma Woollacott
-
Healthcare systems are rife with exploits — and ransomware gangs have noticed
News Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
By Nicole Kobie
-
Alleged LockBit developer extradited to the US
News A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
By Emma Woollacott
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
By Emma Woollacott
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
News The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
By Solomon Klappholz
-
Warning issued over prolific 'Ghost' ransomware group
News The Ghost ransomware group is known to act fast and exploit vulnerabilities in public-facing appliances
By Solomon Klappholz