That is a cybersecurity firm’s stance on reporting its April 2025 user base data, which shows a drop in such attacks.

In a review of cyber statistics recorded in its user base for the month of April 2025, a cybersecurity firm has released some trends from the data.

First, the firm’s user base data showed a drop in ransomware attacks by 31%, totaling 416 cases. This was the second consecutive month of decline.

Second, in the data, the industrial sector was the most targeted, accounting for 32% of all attacks (133 incidents).

Other findings

Third, the next most targeted sector in the data was “consumer discretionary” (including retail), with 73 attacks, compared to 124 in March 2025. Also:

• Users from North America had experienced the highest share of attacks, with 51% (211 cases), followed by those from Europe at 27% (110), Asia at 12% (51), and South America at 5% (21).
• The most active ransomware group encountered in the April data was Akira (65 attacks), overtaking Babuk2, (16 attacks compared to 84 in March). Other active ransomware groups noted in the data were Qilin (49 attacks) and Play (42 attacks).
• The month’s data showed a rise in the use of weaponized PDFs as a method for cyberattacks, leveraging increasingly sophisticated Zero Day exploits and advanced social engineering to target specific users or organizations.

According to Matt Hull, Head of Threat Intelligence, NCC Group, the firm releasing its April data findings: “While the number of reported ransomware victims declined further in April, it would be a mistake to assume that this is a sign that the threat is fading. Globally, many ransomware cases still fly under the radar, and are under-reported or deliberately kept quiet…  In this climate, a strong and embedded security culture is no longer optional; it is a critical enabler of organizational resilience… to maintain a strong security culture, respond quickly to emerging threats, and adapt to shifting tactics — all the while staying ahead of adversaries that never stop evolving.”