New Report from GuidePoint Research and Intelligence Team (GRIT) Reveals a 57% YoY Increase in Active Ransomware Groups as Victim Volume Stabilizes

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today the release of its quarterly Ransomware & Cyber Threat Report from the GuidePoint Research and Intelligence Team (GRIT).

Covering the third quarter of 2025, the new GRIT Q3 2025 Ransomware & Cyber Threat Report provides in-depth analysis of the evolving Ransomware as a Service (RaaS) ecosystem, threat actor behaviors and emerging cybercrime trends, including a 57% year-over-year increase in the number of active ransomware groups.

“Ransomware activity has settled into a new normal, averaging 1,500 to 1,600 victims per quarter since late 2024,” said Nick Hyatt, Senior Threat Intelligence Analyst at GuidePoint Security. “Yet while overall activity has stabilized, the number of distinct ransomware groups has surged to a record 77 — highlighting both the consolidation of skilled operators within major RaaS platforms and the ongoing churn of emerging or lower-skill actors entering the ecosystem.”

The Q3 2025 Ransomware & Cyber Threat Report also explores new state rules surrounding ransomware payments, examines threat actors SafePay and Rhysida and analyzes the impact of law enforcement actions targeting cybercriminal forums.

Key findings include:

• A 57% year-over-year increase in active ransomware groups, climbing from 49 in Q3 2024 to an all-time high of 77 in Q3 2025.
• Ransomware victim numbers have stabilized at approximately 1,500-1,600 per quarter since Q4 2024, suggesting a "new normal" baseline of activity.
• Qilin activity surged 318% year-over-year, claiming 234 victims this quarter — 15% of the total.
• 56% of observed ransomware victims in Q3 2025 were based in the United States, followed by Germany (4.89%) and the United Kingdom (3.81%).
• The manufacturing, technology and legal industries were most heavily impacted by ransomware. Notably, manufacturing attacks rose 26% quarter-over-quarter.

"The growing diversity of ransomware groups is creating new challenges for defenders," Hyatt added. "While established actors like Qilin and Akira are streamlining their operations, newer groups such as SafePay demonstrate how even small, insular actors can thrive by staying under the radar. This ‘new normal’ isn’t a reason for complacency — it underscores the need for sustained vigilance in an increasingly fragmented threat landscape.”

The Ransomware & Cyber Threat Report is based on data obtained from publicly available resources, including threat groups themselves, as well as threat analyst insights into the ransomware threat landscape.

For more information:

• Download the GRIT Q3 2025 Ransomware & Cyber Threat Report
• Register for GRIT’s upcoming webinar
• Read our blog for more Q3 threat insights

About GuidePoint Security

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled 40% of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at www.guidepointsecurity.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251009236715/en/

This ‘new normal’ isn’t a reason for complacency — it underscores the need for sustained vigilance in an increasingly fragmented threat landscape.