The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.

The number of active ransomware groups has exceeded 60 for the first time.

The number of active ransomware groups has doubled over the last three years.

Nation-state actors are second most concerning threat actors.

When it comes to the most concerning threat actors, external sources dominate with hacktivists holding the top spot.

52 entirely new ransomware groups emerged in the last year.

There are now 96 active ransomware groups.

Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.

Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.

Safepay was the third most active threat group in March, with 42 attacks.

8% of threat groups were motivated by espionage.

55% of threat groups active in 2024 were financially motivated, showing a steady increase.

Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).

February 2025 saw a total of 962 victims claimed by ransomware groups.

Out of the 962 victims claimed in February 2025, 335 were claimed by the Clop (Cl0p) group.

The number of victims claimed by Clop (Cl0p) saw a 300% jump from the previous month.