Ransomware & DDoS Spike
U.S. organizations made up 93% of cyber incidents in the Americas last year, with ransomware accounting for 45% of attacks and website defacement 35%—and incidents tend to spike in December when staffing is thin. The trend underscores the converging threats of ransomware, defacement, and DDoS hitting education and public-sector targets. (blog.checkpoint.com)
A concentrated set of ransomware operators drove a large share of North American ransomware activity in 2025: Qilin (~12.4%), Akira (~11.5%) and Clop (just over 10%) together accounted for roughly 34% of ransomware incidents reported in the region. (blog.checkpoint.com)
Check Point’s analysis shows initial access vectors were dominated by phishing, credential compromise, exposed internet services and unpatched systems, with attackers differentiating themselves by execution speed and leverage rather than novel techniques. (blog.checkpoint.com)
Multiple intelligence trackers recorded a marked operational surge in late December 2025, with public victim postings clustered around the holiday period; indicators include ~724–727 victim listings in aggregate and a notable spike of new listings on December 26, 2025. (saptanglabs.com)
Check Point flagged web defacement as a persistent, low‑sophistication signal across North America and noted the United States accounted for more than 72% of those defacement incidents, while independent telemetry and industry reports also recorded a rise in multi‑vector DDoS activity through 2025. (blog.checkpoint.com)
Sector-specific data show education remained a top target in 2025: one tracker counted 251 publicly attributed ransomware incidents against educational institutions that year with nearly 4.0 million records exposed, and Sophos’ State of Ransomware in Education surveyed 441 affected institutions for its 2025 findings. (comparitech.com)
Federal and industry guidance for K–12 emphasizes MFA, timely patching, and use of external cyber hygiene services to reduce the initial‑access vectors Check Point identified, and roughly 1,500 U.S. schools have signed up for CISA’s free external vulnerability scanning and cyber hygiene services to supplement limited local IT capacity. (cisa.gov)
K–12‑focused recommendations for constrained IT teams include adopting lightweight MDM/autonomous endpoint management to shrink the unpatched-asset surface and phased MFA rollouts tailored for students and staff, approaches covered in industry guidance and vendor studies aimed at schools with small IT teams. (action1.com)