The retail sector saw its highest ever Q2 2025 ransomware attack volumes, with publicly disclosed incidents jumping by 58% compared to Q1 2025.

The services industry was the third most targeted for ransomware, with 33 publicly disclosed attacks between April - June 2025.

There was a 63% increase in publicly disclosed ransomware attack volumes in Q2 2025 compared to Q2 2024.

April experienced a 51% increase in publicly disclosed ransomware attacks year-on-year, with a total of 89 attacks.

A total of 276 publicly disclosed ransomware incidents occurred from April to June 2025.

The Construction, Hospitality, and Arts and Entertainment sectors reported their highest ever Q2 2025 ransomware attack volumes.

95% of publicly disclosed ransomware attacks involved the theft of sensitive information.

Ransomware victim numbers remain elevated year-over-year (+43%).

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

There was a 23% decline in publicly reported ransomware incidents in Q2 2025, which may indicate changing attacker patterns beyond seasonal norms.

The number of active ransomware groups climbed from 45 in Q2 2024 to 71 in Q2 2025.

There were 191 disclosed ransomware victims in the financial sector in 2023.

Qilin saw an 85% increase in activity, making it the most active threat group in Q2 2025.

Ransomware rose by 21% in 2024.

52% of observed ransomware victims in Q2 2025 were based in The United States.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.

5% of observed ransomware victims in Q2 2025 were based in Canada.

23% of observed ransomware victims in Q2 2025 were based in Singapore.

The healthcare sector dropped out of the top five most targeted industries by ransomware for the first time since Q2 2022.

There were 156 disclosed ransomware victims in the financial sector in 2024.