Losses from fraudulent online banking transfers hit a record high of around 10.4 billion yen in Japan in 2025, increasing by about 1.7 billion yen from the previous year, the National Police Agency said Thursday.

Meanwhile, ransomware attacks, in which attackers block victims from accessing their computer data and demand payment for them to regain it, were up by four cases to 226, according to data compiled by the agency.

For unauthorized online banking transfers, individuals accounted for about 55 percent of losses, while companies accounted for around 45 percent. The damage suffered by companies soared to around 4.7 billion yen, more than quadruple the previous year's amount.

Phishing, in which scammers deceive victims into revealing sensitive information, was the most common method used in illicit online banking transfers, accounting for 90 percent of cases, totaling a record high 2,454,297, up by about 730,000 from a year before.

The number of fake websites reported also increased from the previous year, up by about 300,000 cases to 1,033,675.

As for ransomware attacks, approximately 60 percent of the victims were small and medium-sized firms, the agency said. By industry, manufacturing had the highest number of cases at 91.

Of the 149 cases in which the type of ransomware was identified, a hacker group calling itself Qilin accounted for most with 32 cases. Qilin claimed responsibility for a cyberattack on Japanese beverage firm Asahi Group Holdings Ltd. in September, in which personal information of about 1.9 million customers and employees is believed to have been leaked.

In a survey of companies and others impacted by ransomware attacks, about half reported recovery costs exceeding 10 million yen, with five cases surpassing 100 million yen. Furthermore, only 27.1 percent were able to restore operations within a week.

Although most firms had backed up their data, approximately 80 percent were unable to restore it due to encryption or deletion by attackers.

The most common entry point for ransomware attacks was through virtual private network equipment connected to victims' networks. Most affected companies had not established business continuity plans that factored in cyberattacks.

