Ransomware victim listings and active groups surge across 2025
Target Trend
Summary
Hide ▲
Show ▼
Ransomware victim listings climbed to 7,458 on leak sites in 2025, while active groups reached 124, signaling a broader and more fragmented extortion ecosystem.
Related Happenings
CL-CRI-1116 / BlackFile overlap with The Com
Threat Actor Meta
First: 27.04.2026 11:15
Last: 27.04.2026 11:15
Sources 1
About this happening:
Researchers linked **CL-CRI-1116** to overlapping labels including **BlackFile**, **UNC6671**, and **Cordial Spider**, suggesting the extortion cluster sits inside a broader **The...
CL-CRI-1116 / BlackFile overlap with The Com
Threat Actor MetaAbout this happening: Researchers linked **CL-CRI-1116** to overlapping labels including **BlackFile**, **UNC6671**, and **Cordial Spider**, suggesting the extortion cluster sits inside a broader **The...
2025 Automotive carmakers ransomware surge
Target Trend
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
2025 Automotive carmakers ransomware surge
Target TrendAbout this happening: In **2025**, ransomware became the **fastest-growing** and most disruptive threat to **automotive carmakers**, accounting for **44% of attacks** and **more than doubling** over th...
Halcyon automotive ransomware mitigation guidance
Advisory/Mitigation
First: 16.04.2026 11:35
Last: 16.04.2026 11:35
Sources 1
About this happening:
**Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
Halcyon automotive ransomware mitigation guidance
Advisory/MitigationAbout this happening: **Halcyon** urged **automotive sector IT teams** to harden their environments against a **ransomware threat** that is pressuring carmakers and their suppliers. The guidance priori...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Timeline
-
18.02.2026 13:30 2 articles · 3mo ago
Ransomware victim listings and active groups surge in 2025
Campaign Scope UpdateSecurity researchers say organizations listed on dark web leak sites rose to 7,458 victims in 2025, a 30% annual increase, while active ransomware groups reached 124 with 73 new groups identified. The same analysis says AI is lowering the barrier to entry for non-specialist groups by helping with social engineering, analysis of exfiltrated data, ransomware negotiations, and code refinement, and that common access paths still include phishing, brute-force attacks, credential stuffing, compromised VPN accounts, unpatched internet-facing servers, and missing multi-factor authentication (MFA).
Show sources
- Record Number of Ransomware Victims and Groups in 2025 — www.infosecurity-magazine.com — 18.02.2026 13:30
- Record Number of Ransomware Victims and Groups in 2025 — www.infosecurity-magazine.com — 18.02.2026 13:30