In the third quarter of 2025, ransomware activity stabilized with over 1,592 new victims reported across 85 active data leak sites. This represents a notable year-over-year increase, indicating a persistent threat level despite the closure of several notable Ransomware-as-a-Service (RaaS) platforms. The re-emergence of LockBit 5.0 in September signals a potential re-centralization in the RaaS landscape, while Qilin topped the averages of victim counts per month, showcasing aggressive recruitment strategies from former affiliates of other disrupted groups.
Moreover, the fragmented nature of the ransomware ecosystem now features smaller groups taking on increased activity, as evidenced by the 47 published victims by 14 new groups this quarter. The observed double-extortion tactics underline the escalating challenge of combating ransomware, as many victims report difficulties in negotiating ransoms with emerging, less established groups. Despite the scrutiny and takedown efforts aimed particularly at larger RaaS entities, the overall trend of ransomware incidents continues its upward trajectory, illustrating the limitations of current enforcement measures against decentralized affiliates.
👉 Pročitaj original: Check Point Research
