Clop ransomware experienced a 2,300% increase in victim claims, which was driven by the exploitation of a vulnerability in Cleo software.

In Q1 2025, Clop named 389 victims on its data-leak site in February alone.

The second most active ransomware group in December was Clop with 68 attacks, followed by Akira with 43 attacks and RansomHub with 41 attacks.