Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group

Staff Editor 2026-01-29
Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group

Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Group

https://www.infosecurity-magazine.com/news/ransomware-numbers-rise-despite/

Publish Date: 2026-01-29 08:01:00

Source Domain: www.infosecurity-magazine.com

Ransomware gangs claimed a deluge of victims during the final quarter of 2025, despite a decline in the number of active ransomware groups, analysis by cybersecurity researchers at ReliaQuest has revealed.

As detailed in the company’s Ransomware and Cyber Extortion in Q4 2025 report, the number victim organizations which had their data posted on ransomware leak sites in the final three months of 2025 was up by 50% compared with the previous quarter, and increased by 40% compared with the same period in the previous year.

The organizations which had data published on leak sites were victims of ransomware attacks and the perpetrators released some of the stolen data during their intrusion to put additional pressure on the target to pay a ransom.

Despite the rise in data leaks, ReliaQuest’s analysis of attacks suggested that the number of ransomware groups has declined. However, the most organized operators have increased their output.

“Regardless of which groups rise or fall quarter to quarter, the sustained increase in data-leak site posts emphasizes that ransomware remains a persistent, growing threat even as individual group names come and go,” said Gautham Ashok, cyber threat intelligence analyst at ReliaQuest.

Qilin, Akira and Sinobi Drive Late-2025 Ransomware Wave

Top-tier ransomware-as-a-service (Raas) schemes continue to focus on speed of execution by gaining access to networks as quickly as possible to avoid malicious activity being detected before they execute the ransomware.

According to the ReliaQuest Threat Research Team, the most prolific ransomware groups during the final portion of 2025 were Qilin, Akira and Sinobi.

Qilin ransomware accounts for the largest number of compromised organizations with over 450 victims, including Japanese brewer Asahi. Qilin is followed by Akira ransomware, which analysis suggests claimed over 200 victims.

The third most prolific group on data-leak sites during the period was Sinobi, which saw listings…

Source

More Stories

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

Staff Editor 2026-06-06
Three highlights in latest DHS spending bill

Three highlights in latest DHS spending bill

Staff Editor 2026-06-05
Mountain Rides resolves cybersecurity threat | Transportation

Mountain Rides resolves cybersecurity threat | Transportation

Staff Editor 2026-06-05

Terms and Conditions - Privacy Policy