The healthcare sector was the most targeted with 52 publicly disclosed ransomware attacks between April - June 2025.

The services industry was the hardest hit among undisclosed attacks, accounting for 23% (337) of all undisclosed attacks in Q2 2025.

80.9% of all ransomware attacks go unreported.

The government sector was the second most targeted for ransomware, with 45 publicly disclosed attacks between April - June 2025.

There were 1,446 undisclosed ransomware attacks in Q2. This marks a 19% increase in undisclosed attacks compared to the same quarter in 2024.

May had a 40% increase in publicly disclosed ransomware attacks year-on-year, with a total of 91 attacks.

There was a 63% increase in publicly disclosed ransomware attack volumes in Q2 2025 compared to Q2 2024.

52% of observed ransomware victims in Q2 2025 were based in The United States.

The healthcare sector dropped out of the top five most targeted industries by ransomware for the first time since Q2 2022.

There were 191 disclosed ransomware victims in the financial sector in 2023.

Nearly one-third (26.6%) of finance threat actors are attributed to "Other", which includes emerging or short-lived groups, highlighting a more fragmented and unpredictable ransomware landscape.

Qilin saw an 85% increase in activity, making it the most active threat group in Q2 2025.

23% of observed ransomware victims in Q2 2025 were based in Singapore.

There has been a 45% year-over-year rise in active ransomware groups.

5% of observed ransomware victims in Q2 2025 were based in Canada.

The number of active ransomware groups climbed from 45 in Q2 2024 to 71 in Q2 2025.

There were 156 disclosed ransomware victims in the financial sector in 2024.

Ransomware victim numbers remain elevated year-over-year (+43%).

There was a 23% decline in publicly reported ransomware incidents in Q2 2025, which may indicate changing attacker patterns beyond seasonal norms.

As of mid-2025, only 55 ransomware victims have been disclosed in the financial sector.