Threat Intelligence, Ransomware

Ransomware victims hit record high in 2025

(Adobe Stock)

Ransomware activity reached unprecedented levels in 2025, with attackers naming a record number of victims on dark web leak sites, underscoring the growing scale and complexity of the threat landscape, Security Brief United Kingdom reports.

Research from Searchlight Cyber found 7,458 victims publicly listed by extortion groups, a 30% jump from 2024, alongside 124 active gangs, including 73 newcomers. Analysts said the surge reflects a fragmented but resilient ecosystem, where groups frequently splinter, rebrand or collaborate to evade disruption. Qilin led second-half activity with 697 victims, ahead of Akira, IncRansom, Sinobi, and Play. Qilins spike followed a coalition with Dragonforce and LockBit.

The report also highlighted emerging "supergroups" such as Scattered Lapsus$ Hunters, increasing use of AI to streamline attacks, and persistent supply chain weaknesses. Head of threat intelligence Luke Donovan warned that arrests alone are insufficient, urging organizations to prioritize proactive exposure management and visibility to avoid becoming targets.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds