Increase in Ransomware Victims Despite Decline in Active Groups

First reported

29.01.2026 15:01

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Ransomware attacks surged in Q4 2025, with a 50% increase in victim organizations compared to the previous quarter and a 40% rise year-over-year. Despite a decline in the number of active ransomware groups, top-tier operators like Qilin, Akira, and Sinobi intensified their activities, focusing on rapid execution to avoid detection. Qilin led with over 450 victims, including Asahi, while Sinobi saw a 300% surge in data-leak site listings, emerging as a significant threat.

Timeline

29.01.2026 15:01 1 articles · 23h ago

Qilin, Akira, and Sinobi Lead Late-2025 Ransomware Wave
In Q4 2025, ransomware groups Qilin, Akira, and Sinobi were the most prolific, with Qilin claiming over 450 victims, including Asahi. Akira claimed over 200 victims, while Sinobi saw a 300% surge in data-leak site listings, emerging as a significant threat. Sinobi is likely an offshoot of Lynx ransomware, which remains active but with fewer incidents.
Show sources

Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
Open in new tab

Information Snippets

The number of victim organizations with data posted on ransomware leak sites increased by 50% compared to Q3 2025 and by 40% compared to Q4 2024.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
The number of active ransomware groups declined, but top-tier operators increased their output.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
Qilin ransomware claimed over 450 victims, including Japanese brewer Asahi.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
Akira ransomware claimed over 200 victims.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
Sinobi ransomware saw a 300% surge in data-leak site listings compared to the previous quarter.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
Sinobi ransomware is likely an offshoot of Lynx ransomware, which remains active but with fewer incidents.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
ReliaQuest recommends deploying multi-factor authentication (MFA) and strengthening data exfiltration monitoring tools to defend against ransomware attacks.
First reported: 29.01.2026 15:01

1 source, 1 article
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01

Summary

Timeline

Qilin, Akira, and Sinobi Lead Late-2025 Ransomware Wave

Information Snippets