Find notable cyber news and cases, enriched with sources, timelines, and signals.

Ransomware-as-a-service ecosystem splinters into 85-group market in Q3 2025

Threat Actor Meta
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

Q3 2025 marked a major ransomware ecosystem shift as 85 active groups and 14 new brands pushed the market toward fragmentation. The change raises risk because former affiliates and short-lived crews make attribution, tracking, and negotiation less reliable. It also shows that takedowns have not reduced overall volume; they have redistributed operators across more leak sites. A possible countertrend is the return of LockBit 5.0, which could recentralize part of the market if affiliates rally around a trusted brand.

Related Happenings

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

INC ransomware group’s RaaS expansion and victim growth in 2026

Threat Actor Meta
H score45 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...

DragonForce / Hackledorb pivots from RaaS to a formalized cartel structure

Threat Actor Meta
H score26 First: 18.06.2026 16:30 Last: 18.06.2026 16:30 Sources 1

About this happening: **Hackledorb** has **pivoted DragonForce** from a conventional **ransomware-as-a-service (RaaS)** model into a **formalized cartel structure**, signaling a more organized and dura...

Phantom Mantis shifts The Gentlemen into an independent ransomware partnership program

Threat Actor Meta
H score24 First: 11.06.2026 19:50 Last: 11.06.2026 19:50 Sources 1

About this happening: **Phantom Mantis** moved **The Gentlemen** from dependence on other ransomware ecosystems into an **independent partnership program**, expanding its operational autonomy and affil...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

Timeline

  1. 14.11.2025 12:37 2 articles · 7mo ago

    Ransomware-as-a-service ecosystem splinters into 85-group market in Q3 2025

    Initial Disclosure

    By **Q3 2025**, enforcement pressure had fractured the ransomware market into smaller crews, while former affiliates kept launching new brands and leak sites.

    Show sources