Ransomware Groups
We've curated 11 cybersecurity statistics about Ransomware groups to help you understand how these organized cybercriminals are evolving their tactics, targeting vulnerabilities, and leveraging advanced technologies to hold businesses hostage in 2025.
Related Topics
Showing 1-11 of 11 results
The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.
Fifty-two new ransomware groups emerged in 2025, a 9% increase compared to 2024.
A total of 130 different ransomware groups carried out attacks in 2025.
The INC ransomware group claimed 66 victims in undisclosed activity in 2025.
The Akira ransomware group was linked to 776 total recorded attacks in 2025.
In 2025, 5.9% of ransomware attacks were attributed to Qilin, 5.9% to Clop, 5.0% to Akira, 2.9% to Play, and 2.7% to SafePay.
The top five ransomware groups — Qilin, Clop, Akira, Play, and SafePay — were responsible for 938 incidents, accounting for nearly 25% of all ransomware attacks in 2025.
In 2025, there were 103 distinct ransomware threat actors observed targeting critical infrastructure.
Out of 103 active ransomware groups, five groups accounted for nearly 25% of global ransomware incidents.
Qilin was responsible for 248 incidents, Clop for 246 incidents, Akira for 209 incidents, Play for 120 incidents, and SafePay for 115 incidents in 2025.
In 2025, 77.7% of ransomware attacks were attributed to other actors outside the top five groups.