- Ransomware victims rose from ~5,400 in 2023 to over 8,000 in 2025, marking a 53–63% increase
- Major groups like RansomHub, BianLian, and Hunters International were shut down, yet the overall numbers grew
- Active groups surged to between 126 and 141, with Qilin, Cl0p, Play, and INC Ransom leading the attacks
Despite extensive law enforcement efforts to combat ransomware, the situation in 2025 remains dire, with the notorious cybercrime continuing to escalate.
This information comes from “The State of Ransomware in the US: Report and Statistics 2025,” a recent publication by security researchers Emsisoft.
Utilizing data from RansomLook.io and Ransomware.live, collected from 2023 to 2025, Emsisoft found that while some of the most notorious groups were disrupted or ceased operations, the frequency of attacks did not diminish.
The Disappearance of Giants
According to the report, “Since 2023, the number of globally reported victims has increased from approximately 5,400 annually to over 8,000 in 2025.”
“This double-digit annual growth has resulted in increases of between 53% (using Ransomware.live data) and 63% (RansomLook.io data) from 2023 to 2025.” Emsisoft noted that the actual figures are likely much higher, as many incidents go unreported.
Simultaneously, several major groups considered significant threats have been shut down or disappeared, including RansomHub (which targeted Kawasaki Motors Europe, Planned Parenthood, and Manpower), BianLian (which attacked Boston’s Children’s Health Physicians, Mizuno USA, and Northern Minerals), and Hunters International (which targeted Tata Technologies and Dell), among others like Babuk-Bjorka, FunkSec, 8Base, and Cactus.
In absolute terms, however, the number of ransomware groups has actually increased. The data indicates that the number of active groups rose from around 70 in 2023 to between 126 and 141 in 2025.
Groups such as Qilin, Akira, Cl0p, Play, Safepay, and INC Ransom are among the most active this year, overshadowing older groups like LockBit and ALPHV (which is now shut down).
Emsisoft concludes that “the disappearance of successful groups often leads to increased competition to attract the most productive affiliates.” While the number of victims continues to rise, the pressure from international law enforcement appears to be having some effect on criminal organizations.
