GuidePoint Security, a leading cybersecurity solutions provider, has released its latest quarterly Ransomware & Cyber Threat Report, compiled by the GuidePoint Research and Intelligence Team (GRIT). The Q2 2025 report delivers a comprehensive analysis of the evolving Ransomware-as-a-Service (RaaS) landscape, revealing a 45% year-over-year increase in active ransomware groups.
Despite significant law enforcement actions targeting prominent groups like LockBit, AlphV, and BreachForums, cybercriminal operations remain resilient. “While takedowns have disrupted major players, the substantial rise in active ransomware groups highlights the persistent threat,” said Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security. “The recent dip in publicly disclosed ransomware incidents likely reflects temporary factors such as seasonal slowdowns, ecosystem fragmentation, and strategic regrouping. Groups like Qilin, Akira, and Play continue to expand their activities, requiring defenders to stay alert for emerging threats.”
The report also notes that affiliates are reorganizing under existing or newly formed brands, with some establishing independent operations by reusing known cyber tools.
Key insights from the Q2 2025 report include:
The number of active ransomware groups rose from 45 in Q2 2024 to 71 in Q2 2025, marking a 45% increase.
While ransomware victim counts remain 43% higher year-over-year, Q2 2025 saw a 23% decline in reported attacks, suggesting tactical shifts rather than a reduced threat.
Qilin emerged as the most active group this quarter, recording an 85% increase in activity.
The United States accounted for 52% of observed ransomware victims, followed by Singapore (23%) and Canada (5%).
Manufacturing, technology, and legal sectors were the most targeted industries, with healthcare falling out of the top five for the first time since Q2 2022.
“The ransomware ecosystem is experiencing a redistribution rather than a decline in threat capacity,” Timothy added. “As affiliates reorganize or launch their own campaigns under different banners, security teams should anticipate familiar tactics being deployed under new names in the coming months.”
The GRIT report further explores Iranian threat actor activities, the rising momentum of the RaaS group DragonForce, and the impact of law enforcement crackdowns on Lumma Stealer, a widely used information-stealing malware.
GuidePoint’s findings are derived from public sources, threat actor disclosures, and in-depth analysis by its cybersecurity research team, offering critical insights to help organizations strengthen their defenses against ransomware and related threats.
Source: businesswire