- Ransomware groups reached record highs in 2025, new report claims
- Searchlight says the number of victims also broke previous records
- The victim growth rate has doubled since 2024
If you thought the threat of ransomware was getting worse - you’re right, as new findings in the Searchlight Ransomware H2 2025 report has laid bare the scale of the problem.
The number of active ransomware groups has reached levels never seen before, with the growth rate of victims doubling since 2024.
New, more complex ransomware groups are splintering from the big names, creating a highly competitive market for victims.
Ransomware in 2025 breaks records
The victim count in 2025 reached a total of 7,458 - more than any previous year. But this only represents the number of businesses and organizations that disclosed they had suffered a ransomware attack. The US took the brunt of the attacks, with 1,536 victims disclosing attacks in 2025, followed by Canada with 182, Germany with 167, and the United Kingdom with 131.
The true number of victims, such as customers or users whose data was stolen during an attack in 2025 and leaked or sold on the dark web, is likely in the millions.
124 unique active ransomware groups were operating in 2025, with 73 of these being new groups entering the landscape. But one group remains as the most prolific threat - Qilin. This ransomware-as-a-service (RaaS) group offers its malware for purchase, letting affiliate hackers attack organizations with a portion of the ransom payment paid back to the Qilin operators.
By providing an advanced ransomware kit at an affordable price, the barrier for entry into the highly profitable world of ransomware is significantly reduced. The Akira group, which also operates as a RaaS group, claimed the second largest pool of numbers with 384.
Supergroups also emerged in 2025 - collaborative operations between ransomware groups who pool their specialized skills in order to attack bigger targets. The joint operations by Scattered Spider, LAPSUS$ and ShinyHunters is the best example of a supergroup, with this trio launching a RaaS operation as a result of their collaboration.
One of the main drivers in the growth of ransomware attacks in 2025 was the availability of AI. Many groups have utilized AI in crafting social engineering campaigns and phishing kits that are highly convincing and can bring an organization to its knees with just a single click.
“2025 was a record year for ransomware, driven by a professionalized ecosystem that remains devastatingly effective despite increased pressure from global law enforcement. While we saw a very slight dip in victim numbers in the second half of the year, this should not be interpreted as a victory,” said Luke Donovan, Head of Threat Intelligence, Searchlight Cyber.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.