Total financial losses for Scattered Spider victims have ranged from tens to hundreds of millions of dollars.

In 2023, Caesars reportedly paid a $15 million ransom to Scattered Spider.

There was a reported lull in activity in 2024 for Scattered Spider.

7% of companies, or 1,037 firms, use at least one of the group’s preferred technologies and exhibit security weaknesses that could enable partial attack progression.

In May 2025, UK retailers Marks & Spencer and Co-op faced combined damages estimated at up to $592 million due to Scattered Spider.

Among highest-risk companies of Scattered Spider attacks, seven aviation firms were identified, including Hawaiian Airlines, which was a recent victim.

Over 36 months, 21 major publicly disclosed cyber incidents have been attributed to Scattered Spider.

The US remained the most targeted country by ransomware, accounting for 67% of the total organizations named on ransomware data-leak sites in Q2.

Germany rose to second most targeted country by ransomware in Q2 2025, climbing two spots from fourth in Q1 2025.

Spain and other Spanish-speaking countries each accounted for less than 4% of Qilin's total victim volume in Q2.

DragonForce emergence: December 2023.

DragonForce activity was up 119% between Q1 and Q2 2025.

Lynx experienced a 41% drop in activity between Q1 and Q2 2025.

80% of the organizations named by Qilin in Q2 were based in the US.

Qilin showed an 80% increase in activity in Q2 compared to Q1 2025.

Q2 2025 saw a 31% decrease in named ransomware victims compared to the previous quarter, marking a return to more typical levels.

In Q1 2025, Clop named 389 victims on its data-leak site in February alone.

SafePay's activity increased by 42% in Q2 2025 compared to Q1 2025.

LockBit named just 24 organizations on its data-leak site in Q2 2025. This figure represents only 11% of its Q2 2024 victim count.

Akira listed approximately 130 organizations to its data-leak site each quarter in 2025.