Download the report
THE RANSOMWARE LANDSCAPE IN H2 2025
DOWNLOAD OUR ANALYSIS OF RANSOMWARE VICTIMS, GROUPS AND TACTICS to learn about:
- The increasing velocity of victimization: Ransomware groups claimed a record 7,458 victims in 2025. This was a 30% increase on 2024, with the growth rate of victims more than doubling year-over-year
- A more complex and fragmented landscape: 2025 saw 124 active groups in total, more than any previous year recorded. 73 new ransomware groups were identified across 2025, with 38 appearing in the second half of the year alone.
- The rise of Qilin: Qilin dominated the landscape as the most prolific group, marking a staggering 420% year-over-year increase in victims.
- The emergence of “Supergroups”: The report tracks the formation of high-profile collaborations, such as Scattered Lapsus$ Hunters, where threat actors pool specialized talents to scale operations.
- AI as a catalyst: Artificial Intelligence is lowering the barrier to entry, allowing new groups to automate malware development and conduct hyper-personalized social engineering.
“2025 was a record year for ransomware, driven by a professionalized ecosystem that remains devastatingly effective despite increased pressure from global law enforcement. While we saw a very slight dip in victim numbers in the second half of the year, this should not be interpreted as a victory. The landscape continues to fragment; large monolithic syndicates are fracturing into smaller, agile cells, and with the number of active groups at an all-time high, the threat landscape has become more complex and difficult to track than ever before.”
- Luke Donovan, Head of Threat Intelligence, Searchlight Cyber