{"id":3970,"date":"2025-12-25T15:43:58","date_gmt":"2025-12-25T15:43:58","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/12\/25\/top-ransomware-trends-of-2025\/"},"modified":"2025-12-25T15:43:58","modified_gmt":"2025-12-25T15:43:58","slug":"top-ransomware-trends-of-2025","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/12\/25\/top-ransomware-trends-of-2025\/","title":{"rendered":"Top Ransomware Trends of 2025"},"content":{"rendered":"
\n
\n
\n

The past year was much quieter than 2024 in ransomware takedown and anti-cybercrime law enforcement operations.<\/p>\n

Additionally, less organized collectives such as Scattered Spider, Lapsus$ and ShinyHunters grabbed many of the headlines in 2025.<\/p>\n<\/div>\n

However, traditional ransomware syndicates continued to be active throughout the year.<\/p>\n

According to ransomware tracking website Ransomware.live, 306\u00a0groups were active over the past year, listing 7902\u00a0victims at the time of writing. This is significantly higher than the 6129 victims listed in 2024 and the 5336 victims listed in 2023.<\/p>\n

However, these statistics are based solely on listings from data leak sites and could misrepresent the true scale of attacks, as many incidents go unreported or undetected and some claims by ransomware groups are false.<\/p>\n

Qilin, the group that\u00a0claimed the cyber-attack on brewing giant Asahi\u00a0in September, was\u00a0the most prolific ransomware group, with 1001\u00a0victims listed on its data leak site according to Ransomware.live and 973\u00a0according to competitor RansomLook.<\/p>\n

Both ransomware intelligence websites put Akira as the group with the second most victims claimed, while Clop took the third place.<\/p>\n<\/p><\/div>\n

\"Top
Top 10 of the most active ransomware groups in 2025 by their listings on data leak sites according to Ransomware.live (top) and RansomLook (bottom). Source: Ransomware.live, RansomLook<\/figcaption><\/figure>\n

Ransomware groups were the most active in February of 2025, with 1014 claims in the shortest month of the year, while June had the least victims claimed at 502.<\/p>\n

\"Victims
Victims claimed by ransomware groups in 2025 per month. Source: Ransomware.live<\/figcaption><\/figure>\n
\n

RansomLook\u2019s analysis showed that the Russian-linked ransomware group Clop was particularly active in the first quarter of 2025, activity then slowed during the summer months until\u00a0a small peak of activity around October. Meanwhile, Qilin and Akira showed consistent activity throughout the whole year with less peaks and troughs.<\/p>\n

US Ransomware Victims Made Half of 2025\u2019s Total<\/strong><\/h2>\n

In 2025, ransomware groups targeted a wide range of industries, with Ransomware.live reporting victims for at least 10 sectorial categories.<\/p>\n

The highest number of victims came from the manufacturing sector (930), followed by technology (893) and healthcare (529).<\/p>\n<\/p><\/div>\n

<\/figure>\n
\n

The geographical breakdown, however, was less balanced, with US victims representing almost half of the total number of ransomware group-listed victims in 2025 (3328).<\/p>\n

The second most targeted country, Canada, represented a far lower number with 358\u00a0listed victims over the past year. Germany had 318, the UK 251\u00a0and France, 172.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

The past year was much quieter than 2024 in ransomware takedown and anti-cybercrime law enforcement operations. Additionally, less organized collectives such as Scattered Spider, Lapsus$ and ShinyHunters grabbed many of the headlines in 2025. However, traditional ransomware syndicates continued to be active throughout the year. According to ransomware tracking website Ransomware.live, 306\u00a0groups were active over<\/p>\n","protected":false},"author":2,"featured_media":3971,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3970","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/12\/3970-77a1eee9-d4db-451b-a7c5-1bc887f409ce-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3970"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3970\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3971"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3970"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}