Ransomware surge: increase in attacks and groups detected in 2025

Searchlight Cyber's latest research reveals a significant rise in ransomware attacks, identifying record victims and new active groups in 2025.

  • Friday, 27th February 2026 Posted 4 months ago in by Sophie Milburn
In 2025, research from Searchlight Cyber outlines a challenging cybersecurity landscape, with ransomware groups reaching high levels of activity. The analysis is based on dark web intelligence and examines trends in ransomware operations throughout the year.

Ransomware attacks increased in 2025, with 7,458 victims listed on dark web platforms. This represents a 30% rise compared with the previous year. Although victim numbers declined slightly in the second half of the year, the report notes a significant increase in active ransomware groups, reaching a peak of 93 during that period.

Overall, 124 active groups were recorded during the year, supported by 73 new entrants. The growth in group activity highlights ongoing expansion within the ransomware ecosystem and increased pressure on cybersecurity teams.

The Qilin group recorded a 420% increase in activity compared with the previous year and emerged as one of the most active groups in the second half of 2025.

The report also highlights the emergence of so-called “Supergroups,” where smaller threat actors collaborate to expand operational capacity. In addition, the integration of artificial intelligence has lowered barriers to entry, enabling greater automation of attacks and contributing to the evolving threat landscape.

Activity among the most prominent ransomware groups included:

Qilin — 697 victims
Akira — 384 victims
IncRansom — 213 victims
Sinobi — 180 victims
Play — 164 victims

These groups accounted for a significant portion of recorded incidents, with newer groups such as Sinobi leveraging ransomware-as-a-service models to scale operations.

The report concludes by emphasising the importance of proactive defensive measures to address ransomware risks. It also references vulnerabilities described as “Shadow Exposure” in third-party software, highlighting supply chain risks and the need for organisations to address exposure points alongside external threats.

Cyber attacks surge in UK healthcare sector

Posted 9 hours ago by Sophie Milburn
SonicWall reports a rise in cyber attacks against the UK healthcare sector, with a focus on dated vulnerabilities and new technological risks.

Tenable joins OpenAI in the battle against cyber threats

Posted 11 hours ago by Sophie Milburn
Tenable and OpenAI partner to harness AI in confronting evolving cyber threats and enhancing exposure management capabilities.
Cynomi has introduced new integrations, automated scanning capabilities, a centralised document repository, and enhanced AI features aimed at...
At Kaseya Connect Europe in Prague, Kaseya outlined updates to its Kaseya Intelligence platform, including new AI automation features, integrations,...
Netskope has introduced its Catalyst MSP/SP Programme to help managed service providers deliver SASE services in cloud and AI-driven environments,...
Foxit is celebrated at Pax8 Beyond 2026 for its contributions to the channel ecosystem through document intelligence solutions.
Wipro enhances enterprise AI capabilities by launching an Applied AI CoE for Claude models, aimed at accelerating AI adoption across industries.
MSP GLOBAL 2026 returns to PortAventura, blending business and festival vibes for a networking experience.