Brazil recorded the third-highest volume of ransomware attacks globally in June, according to data provided by the Ransomware.live platform. This initiative was created by Julien Mousqueton, CISO of Cohesity, a company focused on data security that utilizes artificial intelligence (AI).
Global Attack Ranking
During the month, 23 incidents were counted in Brazilian territory. With this record, Brazil placed behind only the United States and Germany. This is the first time the country has entered the top ten most affected since the platform began collecting data in January.
Ransomware.live constantly monitors leak sites operated by ransomware groups to identify and document new victims. Ransomware attacks function by employing malicious software that prevents users or organizations from accessing their systems. Subsequently, criminals demand a ransom to restore access, often under the threat of permanently exposing or deleting the data.
International Comparison for June
According to the survey, the United States led the ranking for June with 199 cases, followed by Germany, which accumulated 49 attacks. Brazil holds the third position with 23 attacks, surpassing the United Kingdom, which reported 21 occurrences. India and Canada tied with 20 cases each.
The other countries completing the top ten are: France with 15 cases, Italy with 15, Mexico with 14, and Thailand with 13.
Strategic Analysis of Attacks
Gustavo Leite, Vice President of Cohesity for Latin America, interpreted the inclusion of Brazil, India, and Thailand among the main targets as a possible sign of a change in the tactics of criminal groups. He assessed that the recent rise of these countries as identified targets may be the result of an intentional strategy aimed at jurisdictions that demonstrate lower preparedness in incident response and collaboration with security agencies.
Total Number of Victims Worldwide
Globally, the survey indicated a total of 708 ransomware victims in June. Although this number represents a decrease of 10.5% compared to the 791 victims registered in May, Cohesity emphasizes that the overall volume remains very high compared to the last twelve months, highlighting the continuous intensity of the threat.
Victim records over the last twelve months showed the following totals: July 2025 with 547; August 2025 with 530; September 2025 with 598; October 2025 with 839; November 2025 with 717; December 2025 with 882; January with 702; February with 784; March with 844; April with 870; May with 791 and June with 708.
Sectors Most Targeted by Attacks
In terms of sectors, the B2B market remained the most impacted sector by ransomware attacks in June, totaling 123 victims. There was a reduction of 23.1% in this segment compared to the 160 cases registered in May. Subsequent sectors include Manufacturing, with 83 victims (a drop of 19.4%); Technology, with 56 (a drop of 21.1%); Consumer Services, with 53 (showing an increase of 1.9%); Health, with 52 (a drop of 23.5%); Agriculture and Food Production, with 36 (a drop of 7.7%); Construction, with 27 (a drop of 15.6%); Transport and Logistics, with 26 (a drop of 25.7%); Financial Services, with 25 (a drop of 26.5%), and Education, with 24 (a drop of 14.3%).
Among all analyzed categories, Consumer Services was the only sector to register growth compared to the previous month, rising from 52 to 53 victims, corresponding to an increase of 1.9%.
Data Disclosure
Cohesity publishes the Ransomware.live figures monthly. The company states that its services are used by clients in more than 140 countries, covering 70% of the companies listed in the Fortune Global 500.