The top ten ransomware groups now account for only 50% of attacks, which is down from 69% previously.

The number of active ransomware groups has exceeded 60 for the first time.

The number of active ransomware groups has doubled over the last three years.

When it comes to the most concerning threat actors, external sources dominate with hacktivists holding the top spot.

Nation-state actors are second most concerning threat actors.

There are now 96 active ransomware groups.

52 entirely new ransomware groups emerged in the last year.

Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.

Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.

55% of threat groups active in 2024 were financially motivated, showing a steady increase.

8% of threat groups were motivated by espionage.

Safepay was the third most active threat group in March, with 42 attacks.

Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).

Out of the 962 victims claimed in February 2025, 335 were claimed by the Clop (Cl0p) group.

February 2025 saw a total of 962 victims claimed by ransomware groups.

The number of victims claimed by Clop (Cl0p) saw a 300% jump from the previous month.