The State of Ransomware Q2 2025: Decline of Major Groups, Rise of Data-Driven Extortion
The global ransomware ecosystem shifted dramatically in Q2 2025, with the disappearance of several prominent ransomware-as-a-service (RaaS) groups including LockBit, RansomHub, and 8Base. Law enforcement crackdowns, shrinking payment rates, and tougher national policies on ransom payments contributed to a 6% decline in publicly listed victims compared to the previous year’s monthly average. This fragmentation has weakened centralized control, but activity continues, driven by emerging groups and smaller, independent actors.
Qilin emerged as the most dominant ransomware group this quarter, adopting aggressive new extortion methods such as regulatory pressure campaigns and AI-driven victim harassment. Meanwhile, DragonForce expanded its “Ransomware Cartel” model, giving affiliates brand autonomy, while Hunters International shifted entirely to data-theft-based extortion via its new “World Leaks” platform. Despite a downturn in volume, ransomware remains a persistent threat, with healthcare and high-value sectors continuing to face significant risk.
#Ransomware #CyberSecurity #RaaS #Qilin #DragonForce #HuntersInternational #LockBit #CyberThreats #DataExtortion #CyberCrime #RansomwareCartel #WorldLeaks #InfoSec #CyberDefense #ThreatLandscape #Malware #DataTheft #CyberResilience #GlobalSecurity #LawEnforcement #CyberExtortion #HealthcareSecurity #INC #DigitalThreats #AIInCybercrime #CyberPolicy #DataSecurity #CyberAttack #CyberIntelligence #CyberAwareness
