Ransomware Attacks Surge 53–63% in Two Years, Despite Takedowns of Major Groups
A new report from cybersecurity firm Emsisoft reveals a sharp rise in ransomware attacks, with victim counts jumping from approximately 5,400 in 2023 to over 8,000 in 2025—a 53–63% increase. The findings, drawn from data collected by RansomLook.io and Ransomware.live between 2023 and 2025, suggest the actual number of incidents is likely far higher due to underreporting.
While law enforcement disruptions and voluntary shutdowns took down prominent ransomware groups—including RansomHub, BianLian, and Hunters International—the overall threat landscape expanded. The number of active ransomware groups nearly doubled, rising from around 70 in 2023 to between 126 and 141 in 2025. Emerging groups like Qilin, Cl0p, Play, and INC Ransom have filled the void left by defunct operations such as LockBit and ALPHV.
Emsisoft notes that the disappearance of major players has led to increased competition among affiliates, with new groups vying for dominance. Despite ongoing law enforcement pressure, the report concludes that ransomware remains a growing threat, with no signs of decline in attack frequency or sophistication.
Source: https://www.techradar.com/pro/security/takedowns-and-arrests-didnt-slow-down-ransomware-in-2025
Kawasaki Heavy Industries, Ltd. cybersecurity rating report: https://www.rankiteo.com/company/kawasaki-heavy-industries
Mizuno Corporation EMEA cybersecurity rating report: https://www.rankiteo.com/company/mizuno-corporation
Planned Parenthood Federation of America cybersecurity rating report: https://www.rankiteo.com/company/planned-parenthood-federation-of-america
EMHS cybersecurity rating report: https://www.rankiteo.com/company/northernlighthealth
"id": "KAWMIZPLANOR1767987352",
"linkid": "kawasaki-heavy-industries, mizuno-corporation, planned-parenthood-federation-of-america, northernlighthealth",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Automotive',
'name': 'Kawasaki Motors Europe',
'type': 'Corporation'},
{'industry': 'Healthcare',
'name': 'Planned Parenthood',
'type': 'Non-profit/Healthcare'},
{'industry': 'Staffing/Recruitment',
'name': 'Manpower',
'type': 'Corporation'},
{'industry': 'Healthcare',
'name': 'Boston’s Children’s Health Physicians',
'type': 'Healthcare Provider'},
{'industry': 'Sports Equipment',
'name': 'Mizuno USA',
'type': 'Corporation'},
{'industry': 'Mining',
'name': 'Northern Minerals',
'type': 'Corporation'},
{'industry': 'Engineering/Technology',
'name': 'Tata Technologies',
'type': 'Corporation'},
{'industry': 'Technology',
'name': 'Dell',
'type': 'Corporation'}],
'date_publicly_disclosed': '2025',
'description': 'Ransomware victims increased from ~5,400 in 2023 to 8,000+ in '
'2025, a 53–63% rise. Major groups like RansomHub, BianLian, '
'and Hunters International shut down, but overall ransomware '
'activity grew with 126–141 active groups in 2025. Leading '
'attacks were conducted by Qilin, Cl0p, Play, and INC Ransom.',
'lessons_learned': 'The disappearance of successful ransomware groups often '
'results in open competition to attract the most '
'productive affiliates, leading to a rise in overall '
'attacks despite law enforcement efforts.',
'motivation': 'Financial gain',
'ransomware': {'ransomware_strain': ['Qilin',
'Cl0p',
'Play',
'INC Ransom',
'Akira',
'Safepay',
'LockBit',
'ALPHV',
'8Base',
'RansomHub',
'BianLian',
'Hunters International',
'Babuk-Bjorka',
'FunkSec',
'Cactus']},
'references': [{'date_accessed': '2025', 'source': 'Emsisoft'},
{'date_accessed': '2025', 'source': 'RansomLook.io'},
{'date_accessed': '2025', 'source': 'Ransomware.live'},
{'date_accessed': '2025', 'source': 'TechRadar Pro'}],
'threat_actor': ['Qilin',
'Cl0p',
'Play',
'INC Ransom',
'Akira',
'Safepay',
'LockBit',
'ALPHV',
'8Base',
'RansomHub',
'BianLian',
'Hunters International',
'Babuk-Bjorka',
'FunkSec',
'Cactus'],
'title': 'Global Ransomware Surge (2023-2025)',
'type': 'Ransomware'}