Takedowns and arrests didn't slow down ransomware in 2025

News
By published

Despite the police's best efforts, ransomware continues to rise

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)
  • Ransomware victims rose from ~5,400 in 2023 to 8,000+ in 2025, a 53–63% increase
  • Major groups like RansomHub, BianLian, and Hunters International shut down, but overall numbers grew
  • Active groups surged to 126–141, with Qilin, Cl0p, Play, and INC Ransom leading attacks

Despite the police’s best efforts to rid the world of ransomware, not much has changed in 2025, and the infamous cybercriminal practice continued on its upward trajectory.

This is according to “The State of Ransomware in the US: Report and Statistics 2025”, a new report published by security researchers Emsisoft.

Based on data from two separate sources - RansomLook.io and Ransomware.live - collected between 2023 and 2025, Emsisoft determined that some of the biggest players were either disrupted by law enforcement or shut down on their own. But, it didn't do much to slow down the attacks.

The disappearance of giants

“Since 2023, the number of globally claimed victims has increased from approximately 5400 annually to over 8000 in 2025,” the report states.

“Double digit annual growth has led to 2023/2025 increases of between 53% (using Ransomware.live data) and 63% (RansomLook.io data).” Emsisoft also added that the actual numbers are likely significantly higher, since only a minority of incidents get reported and tracked.

At the same time, some of the groups that were seen as the biggest threats, were shut down or disappeared last year. That includes RansomHub (breached Kawasaki Motors Europe, Planned Parenthood, and Manpower), BianLian (Boston’s Children’s Health Physicians, Mizuno USA, Northern Minerals), or Hunters International (Tata Technologies, Dell), as well as many others: Babuk-Bjorka, FunkSec, 8Base, and Cactus.

In absolute terms, however, the number of ransomware groups actually grew. In fact - the more victims there are, the more attackers there are. The data shows around 70 active groups in 2023, rising to between 126 and 141 in 2025.

Qilin, Akira, Cl0p, Play, Safepay, and INC Ransom seem to be the most active groups this year, pushing out older heavy hitters such as LockBit, ALPHV (now shut down), 8Base, or Akira.

“The disappearance of successful groups often results in open competition to attract the most productive affiliates,” Emsisoft concludes. We can hold out hope that although victim counts continue to increase, the pressure being applied by international law enforcement activity does appear to be having an impact on the criminal gangs."

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.