Ransomware ecosystem fragments into smaller agile cells in 2025
Threat Actor Meta
Summary
Hide ▲
Show ▼
Ransomware activity in 2025 is becoming more fragmented and harder to track, with 124 groups and 73 new groups signaling a more crowded threat market. The shift matters because smaller, agile cells are replacing larger syndicates while overall effectiveness remains high. AI is also lowering the barrier to entry by helping newer crews with social engineering, data analysis, and ransom negotiations.
Related Happenings
2025 Automotive carmakers ransomware surge
Target Trend
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
2025 Automotive carmakers ransomware surge
Target TrendAbout this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
Halcyon automotive ransomware mitigation guidance
Advisory/Mitigation
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
**Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Halcyon automotive ransomware mitigation guidance
Advisory/MitigationAbout this happening: **Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Ransomware victim payment rates hit record low as claimed attacks surged
Target Trend
First: 26.02.2026 16:00
Last: 26.02.2026 16:00
Sources 1
About this happening:
Ransomware victim payment rates **fell to 28%** last year, an all-time low, even as **claimed attacks** rose **50% year-over-year**. The divergence suggests extortion operations a...
Ransomware victim payment rates hit record low as claimed attacks surged
Target TrendAbout this happening: Ransomware victim payment rates **fell to 28%** last year, an all-time low, even as **claimed attacks** rose **50% year-over-year**. The divergence suggests extortion operations a...
Timeline
-
18.02.2026 13:30 3 articles · 3mo ago
Ransomware ecosystem fragments into smaller agile cells
Campaign Scope UpdateA 2025 ransomware ecosystem analysis recorded 7,458 victims on dark web leak sites, a 30% annual increase, while active ransomware groups reached 124 with 73 new groups identified. The trend points to a more fragmented market in which large syndicates are breaking into smaller, agile cells and AI is lowering the barrier to entry through social engineering, exfiltrated-data analysis, ransomware negotiations, and code refinement to bypass defenses.
Show sources
- Record Number of Ransomware Victims and Groups in 2025 — www.infosecurity-magazine.com — 18.02.2026 13:30
- Record Number of Ransomware Victims and Groups in 2025 — www.infosecurity-magazine.com — 18.02.2026 13:30
- Ransomware payment rate drops to record low as attacks surge — www.bleepingcomputer.com — 26.02.2026 16:00