"In Q3 2025, Check Point Research recorded a record 85 active ransomware and extortion groups, the highest ever observed. What was once a concentrated market dominated by a few ransomware-as-a-service (RaaS) giants has splintered into dozens of smaller, short-lived operations. This proliferation of leak sites represents a fundamental structural shift. The same enforcement and market pressures that disrupted large RaaS groups have fueled a wave of opportunistic, decentralized actors, many run by former affiliates now operating independently."
"Across more than 85 monitored leak sites, ransomware operators published: 1,592 new victims in Q3 2025. An average of 535 disclosures per month. A major power shift: the top ten groups accounted for just 56% of victims, down from 71% earlier this year. Smaller actors are now posting fewer than ten victims each, reflecting a rise in independent operations outside traditional RaaS hierarchies. Many emerged from the collapse of RansomHub, 8Base, and BianLian. Fourteen new groups began publishing in Q3 alone,"
Q3 2025 recorded a record 85 active ransomware and extortion groups, producing a highly decentralized ecosystem. Ransomware operators disclosed 1,592 new victims across monitored leak sites, averaging 535 disclosures monthly. The top ten groups accounted for 56% of victims, down from 71%, indicating fragmentation. Fourteen new ransomware brands launched in the quarter, and many smaller actors now post fewer than ten victims each. The collapse of RansomHub, 8Base, and BianLian contributed to the rise of independent operators. LockBit resurfaced with version 5.0, raising the possibility of partial re-centralization. Fragmentation at this scale erodes predictability and undermines reputation-based intelligence and attribution.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]