Cyble warns of sharp rise in ransomware incidents

Global ransomware activity surged 50% in 2025 despite major shifts among top cybercriminal groups, according to a new report from threat intelligence firm Cyble, The Cyber Express reports.

The company recorded 5,010 ransomware attacks on dark web leak sites through October 21, up from 3,335 in the same period last year. Cyble attributed the surge to the rise of groups such as Qilin and newcomers like Sinobi and The Gentlemen, which have capitalized on fresh vulnerabilities and the collapse of older syndicates like RansomHub.

The U.S. remained the most targeted nation, accounting for 55% of Septembers attacks, followed by South Korea, which faced 32 incidents, 29 of them from Qilin's "KoreanLeak" campaign that hit asset management firms via supply chain compromises.

Qilin also topped all groups with 99 claimed victims, while The Gentlemen debuted with 46. Cyble warned that ransomware groups are becoming more agile and sectorally diverse, with construction, manufacturing, and finance among the hardest hit.