Skip to main content
HomeTopicsRansomware Groups

Ransomware Groups

We've curated 19 cybersecurity statistics about Ransomware groups to help you understand how these organized cybercriminals are evolving their tactics, targeting vulnerabilities, and leveraging advanced technologies to hold businesses hostage in 2025.

Showing 1-19 of 19 results

38% of publicly disclosed ransomware incidents were not attributed to any known group in Q1 2026.

BlackFog5/27/2026
RansomwareAttribution

Among undisclosed ransomware attacks in Q1 2026, Qilin led with 339 attacks (16%), The Gentlemen 200 attacks (9%), and Akira 190 attacks (9%).

BlackFog5/27/2026
RansomwareQilin

Among publicly disclosed attacks, Qilin was responsible for 22 attacks (8%), ShinyHunters 16 attacks (6%), and INC 11 attacks (4%).

BlackFog5/27/2026
RansomwareQilin

The Gentlemen claimed 273 attacks since its emergence in 2025 through the end of Q1 2026.

BlackFog5/27/2026
RansomwareThe Gentlemen

129 ransomware groups were active during 2025.

Ontinue5/27/2026
RansomwareThreat Actors

Qilin claimed the most victims in 2025 (835), followed by Akira (650), Cl0p (517), Play (363), INC (334), Safepay (306), Lynx (253), RansomHub (233), DragonForce (181), and Babuk (176).

Securin5/27/2026
Ransomware

2025 ransomware market share by group: Qilin (23%), Akira (18%), Cl0p (14%), Play (10%), INC (9%), Safepay (8%), Lynx (7%), RansomHub (6%), DragonForce (5%).

Securin5/27/2026
Ransomware

Active ransomware and extortion groups increased by 49% year over year.

IBM5/27/2026
Extortion Groups

The Akira ransomware group was linked to 776 total recorded attacks in 2025.

BlackFog2/14/2026
RansomwareThreat Actors

Fifty-two new ransomware groups emerged in 2025, a 9% increase compared to 2024.

BlackFog2/14/2026
RansomwareThreat Actors

A total of 130 different ransomware groups carried out attacks in 2025.

BlackFog2/14/2026
RansomwareThreat Actors

The INC ransomware group claimed 66 victims in undisclosed activity in 2025.

BlackFog2/14/2026
RansomwareThreat Actors

The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.

BlackFog2/14/2026
RansomwareThreat Actors

The top five ransomware groups — Qilin, Clop, Akira, Play, and SafePay — were responsible for 938 incidents, accounting for nearly 25% of all ransomware attacks in 2025.

KELA10/21/2025
RansomwareRansomware groups

Qilin was responsible for 248 incidents, Clop for 246 incidents, Akira for 209 incidents, Play for 120 incidents, and SafePay for 115 incidents in 2025.

KELA10/21/2025
RansomwareRansomware groups

Out of 103 active ransomware groups, five groups accounted for nearly 25% of global ransomware incidents.

KELA10/21/2025
RansomwareRansomware groups

In 2025, 77.7% of ransomware attacks were attributed to other actors outside the top five groups.

KELA10/21/2025
RansomwareRansomware groups

In 2025, there were 103 distinct ransomware threat actors observed targeting critical infrastructure.

KELA10/21/2025
RansomwareRansomware groups

In 2025, 5.9% of ransomware attacks were attributed to Qilin, 5.9% to Clop, 5.0% to Akira, 2.9% to Play, and 2.7% to SafePay.

KELA10/21/2025
RansomwareRansomware groups