Akira and Cl0p lead most active RaaS groups in 2025

First reported

28.08.2025 21:49

Last updated

📰 1 unique sources, 1 articles

Summary

Hide ▲

Akira and Cl0p are the most active ransomware-as-a-service (RaaS) groups in 2025. Ransomware attacks increased by 179% in the first half of 2025 compared to the same period in 2024. The RaaS model enables lower-skilled threat actors to launch attacks. Manufacturing and technology sectors, along with the US, are primary targets. The RaaS model's proliferation is attributed to its accessibility and affordability, enabling a wider range of threat actors to engage in ransomware attacks. The top five most prolific RaaS groups include Akira and Cl0p, with notable tactics such as rebranding and using leaked ransomware source code. The landscape is evolving with groups like RansomHub and Weyhro focusing on pure extortion without encryption. AI tools, such as large language models (LLMs), are being integrated into operations, with Funksec using AI-created phishing templates and WormGPT.

Timeline

28.08.2025 21:49 📰 1 articles

Akira and Cl0p lead most active RaaS groups in 2025
Akira and Cl0p are identified as the most active RaaS groups in 2025, with a 179% increase in ransomware attacks in the first half of the year compared to 2024. The RaaS model enables lower-skilled threat actors to launch attacks, targeting primarily the manufacturing and technology sectors, along with the US. The landscape is evolving with groups like RansomHub and Weyhro focusing on pure extortion without encryption. AI tools, such as large language models (LLMs), are being integrated into operations, with Funksec using AI-created phishing templates and WormGPT.
Show sources

Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
Open in new tab

Information Snippets

Ransomware attacks increased by 179% in the first half of 2025 compared to the same period in 2024.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
The RaaS model enables lower-skilled threat actors to launch attacks by exploiting unpatched vulnerabilities.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
The top five most active RaaS groups in 2025 are Akira, Cl0p, Safepay, RansomHub, and Weyhro.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
The manufacturing and technology industries, along with the US, are primary targets for ransomware attacks.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
Ransomware groups are increasingly using pure extortion tactics without encrypting systems.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
AI tools, such as large language models (LLMs), are being integrated into ransomware operations.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49
Funksec is one of the few groups using LLMs for phishing templates and a tool called WormGPT.
First reported: 28.08.2025 21:49

📰 1 source, 1 article
Show sources
- Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups — www.darkreading.com — 28.08.2025 21:49