Ransomware leak-site postings surged across victim organizations in Q4 2025
Target Trend
Summary
Hide ▲
Show ▼
In Q4 2025, ransomware leak-site postings for victim organizations rose sharply, signaling stronger extortion pressure across affected targets. Postings were up 50% quarter over quarter and 40% year over year, even as fewer groups remained active. The pattern suggests a smaller set of organized operators is generating more visible harm through data publication and ransom leverage.
Related Happenings
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor Meta
First: 19.03.2026 18:00
Last: 19.03.2026 18:00
Sources 1
About this happening:
**hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor MetaAbout this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
Ransomware leak-post volume surged in 2024-2025 as extortion speed increased
Target Trend
First: 18.03.2026 21:37
Last: 18.03.2026 21:37
Sources 1
About this happening:
**Ransomware leak posts** surged from **6,034 in 2024** to **8,835 in 2025**, signaling a larger and faster **extortion ecosystem** that compresses defender reaction time. The inc...
Ransomware leak-post volume surged in 2024-2025 as extortion speed increased
Target TrendAbout this happening: **Ransomware leak posts** surged from **6,034 in 2024** to **8,835 in 2025**, signaling a larger and faster **extortion ecosystem** that compresses defender reaction time. The inc...
Ransomware victim listings and active groups surge across 2025
Target Trend
First: 18.02.2026 13:30
Last: 18.02.2026 13:30
Sources 1
About this happening:
**Ransomware** victim listings climbed to **7,458** on leak sites in **2025**, while active groups reached **124**, signaling a broader and more fragmented extortion ecosystem.
Ransomware victim listings and active groups surge across 2025
Target TrendAbout this happening: **Ransomware** victim listings climbed to **7,458** on leak sites in **2025**, while active groups reached **124**, signaling a broader and more fragmented extortion ecosystem.
Ransomware ecosystem fragments into smaller agile cells in 2025
Threat Actor Meta
First: 18.02.2026 13:30
Last: 18.02.2026 13:30
Sources 1
About this happening:
**Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...
Ransomware ecosystem fragments into smaller agile cells in 2025
Threat Actor MetaAbout this happening: **Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...
DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella
Threat Actor Meta
First: 05.02.2026 00:14
Last: 05.02.2026 00:14
Sources 1
About this happening:
**DragonForce** has shifted into a **cartel-style ransomware-as-a-service model**, letting affiliates launch their own brands while sharing a common umbrella. That change expands...
DragonForce shifts ransomware-as-a-service into a cartel-style affiliate umbrella
Threat Actor MetaAbout this happening: **DragonForce** has shifted into a **cartel-style ransomware-as-a-service model**, letting affiliates launch their own brands while sharing a common umbrella. That change expands...
Timeline
-
29.01.2026 15:01 2 articles · 3mo ago
Ransomware leak-site postings surged across victim organizations in Q4 2025
Initial DisclosureLeak-site postings for ransomware victims accelerated in **late 2025**, with published stolen data becoming a more common extortion lever. The shift suggests rising impact even as the ransomware ecosystem became less crowded.
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01