We've curated 6 cybersecurity statistics about Ransomware groups to help you understand how these organized cybercriminals are evolving their tactics, targeting vulnerabilities, and leveraging advanced technologies to hold businesses hostage in 2025.
Showing 1-6 of 6 results
In 2025, 5.9% of ransomware attacks were attributed to Qilin, 5.9% to Clop, 5.0% to Akira, 2.9% to Play, and 2.7% to SafePay.
The top five ransomware groups — Qilin, Clop, Akira, Play, and SafePay — were responsible for 938 incidents, accounting for nearly 25% of all ransomware attacks in 2025.
In 2025, there were 103 distinct ransomware threat actors observed targeting critical infrastructure.
Out of 103 active ransomware groups, five groups accounted for nearly 25% of global ransomware incidents.
Qilin was responsible for 248 incidents, Clop for 246 incidents, Akira for 209 incidents, Play for 120 incidents, and SafePay for 115 incidents in 2025.
In 2025, 77.7% of ransomware attacks were attributed to other actors outside the top five groups.