Ransomware rose by 21% in 2024.

Germany rose to second most targeted country by ransomware in Q2 2025, climbing two spots from fourth in Q1 2025.

DragonForce emergence: December 2023.

Qilin emerged as the top ransomware threat in Q2 2025.

Lynx experienced a 41% drop in activity between Q1 and Q2 2025.

Qilin showed an 80% increase in activity in Q2 compared to Q1 2025.

Akira listed approximately 130 organizations to its data-leak site each quarter in 2025.

LockBit named just 24 organizations on its data-leak site in Q2 2025. This figure represents only 11% of its Q2 2024 victim count.

80% of the organizations named by Qilin in Q2 were based in the US.

Akira showed a 348% rise in the number of organizations named in Q2 2025 compared to the same period last year.

SafePay's activity increased by 42% in Q2 2025 compared to Q1 2025.

Akira has already listed 15% more victims in the first half of 2025 than it did throughout the entirety of 2024.

Spain and other Spanish-speaking countries each accounted for less than 4% of Qilin's total victim volume in Q2.

In Q1 2025, Clop named 389 victims on its data-leak site in February alone.

Q2 2025 saw a 31% decrease in named ransomware victims compared to the previous quarter, marking a return to more typical levels.

Construction was the third most targeted sector by ransomware in Q2 2025.

Retail trade accounted for only 4% of total ransomware victims in Q2 2025.

DragonForce activity was up 119% between Q1 and Q2 2025.

The US remained the most targeted country by ransomware, accounting for 67% of the total organizations named on ransomware data-leak sites in Q2.

The SLED sector faced 70% of ransomware attacks.