"Trackers keeping an eye on ransomware leak sites logged more than 8,000 claimed victims worldwide in 2025, a rise of more than 50 percent compared to 2023. The counts come from outfits watching dark web shaming pages such as Ransomware.live and RansomLook.io, so they only include cases where crooks decided to post receipts. Plenty of victims, Emsisoft says, will have paid up, recovered, or kept quiet without ever appearing on a leak site."
"Emsisoft's numbers also suggest there are more gangs in the game than there were a couple of years ago, with the count of active ransomware crews climbing from a few dozen in 2023 to well into three figures by the end of 2025. Instead of a handful of mega-brands dominating, the scene now looks messier, with lots of smaller outfits popping up, disappearing, and reappearing under new names as affiliates drift between operations."
Ransomware attacks rose in 2025, with leak-site claims exceeding 8,000 victims worldwide — over a 50 percent increase since 2023. Leak-site counts come from dark-web shaming pages and capture only incidents where attackers publicly posted victims. Many other incidents likely involved payments, successful recovery, or quiet non-disclosure. Active ransomware crews expanded from a few dozen in 2023 to well into three figures by late 2025. The ecosystem shifted from a few dominant brands to many smaller, transient outfits and affiliate-driven operations. Law enforcement takedowns disrupted brands but often failed to eliminate perpetrators, who frequently reemerge under new names.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]