Ransomware Surge in 2025: Record Victims and Evolving Threat Landscape
Ransomware attacks reached new heights in 2025, with extortion groups publicly naming 7,458 victims on dark web leak sites, a 30% increase from 2024, according to research by Searchlight Cyber. The report, cited by Security Brief United Kingdom, identified 124 active ransomware gangs, including 73 new groups, reflecting a fragmented but resilient criminal ecosystem where attackers frequently rebrand, splinter, or collaborate to evade law enforcement.
Qilin emerged as the most prolific group in the second half of 2025, listing 697 victims, followed by Akira, IncRansom, Sinobi, and Play. Qilin’s surge was partly attributed to a coalition with Dragonforce and LockBit, demonstrating the growing trend of gang alliances. The report also noted the rise of "supergroups" like Scattered Lapsus$ Hunters, which consolidate smaller operations for greater impact.
Beyond traditional tactics, attackers are increasingly leveraging AI to automate and refine attacks, while supply chain vulnerabilities remain a persistent weak point. Luke Donovan, Searchlight Cyber’s Head of Threat Intelligence, emphasized that arrests alone are insufficient to curb the threat, underscoring the need for organizations to enhance proactive exposure management and visibility to mitigate risks.
Source: https://www.scworld.com/brief/ransomware-victims-hit-record-high-in-2025
Sinobi TPRM report: https://www.rankiteo.com/company/darkwebsonar
IncRansom TPRM report: https://www.rankiteo.com/company/riskxchangehq
Dragonforce TPRM report: https://www.rankiteo.com/company/drakontas-llc
Play TPRM report: https://www.rankiteo.com/company/play-sports-group
"id": "darpladraris1771964509",
"linkid": "darkwebsonar, play-sports-group, drakontas-llc, riskxchangehq",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'attack_vector': ['AI automation', 'Supply chain vulnerabilities'],
'data_breach': {'number_of_records_exposed': '7,458'},
'date_detected': '2025',
'description': 'Ransomware attacks reached new heights in 2025, with '
'extortion groups publicly naming 7,458 victims on dark web '
'leak sites, a 30% increase from 2024. The report identified '
'124 active ransomware gangs, including 73 new groups, '
'reflecting a fragmented but resilient criminal ecosystem. '
'Attackers are leveraging AI to automate attacks and '
'exploiting supply chain vulnerabilities.',
'impact': {'data_compromised': '7,458 victims publicly named on dark web leak '
'sites'},
'lessons_learned': 'Arrests alone are insufficient to curb the threat; '
'organizations need to enhance proactive exposure '
'management and visibility to mitigate risks.',
'motivation': 'Extortion',
'post_incident_analysis': {'root_causes': ['AI automation',
'Supply chain vulnerabilities',
'Gang alliances']},
'ransomware': {'data_exfiltration': 'Victims publicly named on dark web leak '
'sites',
'ransomware_strain': ['Qilin',
'Akira',
'IncRansom',
'Sinobi',
'Play']},
'recommendations': 'Enhance proactive exposure management and visibility.',
'references': [{'source': 'Searchlight Cyber'},
{'source': 'Security Brief United Kingdom'}],
'threat_actor': ['Qilin',
'Akira',
'IncRansom',
'Sinobi',
'Play',
'Dragonforce',
'LockBit',
'Scattered Lapsus$ Hunters'],
'title': 'Ransomware Surge in 2025: Record Victims and Evolving Threat '
'Landscape',
'type': 'Ransomware',
'vulnerability_exploited': 'Supply chain vulnerabilities'}