Picus Security: Ransomware Group Activity Increased in 2025
A report from Picus Security reveals a significant increase in ransomware attacks during 2025. Global victim counts rose by over 2,000 cases compared to 2024.
Cybersecurity firm Picus Security's 2025 report indicates a significant acceleration in ransomware attacks. The global victim count reached 8,159, an increase of over 2,000 cases compared to the previous year. This trend suggests that cybercriminals are becoming faster and more aggressive.
The report analyzes the top ten ransomware groups that dominated the 2025 threat landscape. While established actors like LockBit continue their operations, new players have emerged. Notably, the Qilin group has rapidly expanded its operations and is now a leading threat. The Akira group has also significantly grown in prominence.
The prevalence of ransomware threats has increased rapidly, partly due to Ransomware-as-a-Service (RaaS) platforms that lower the barrier to entry for attacks. The report highlights that defensive measures are in a constant race against the rising volume of attacks.
Picus Security utilizes its own simulations to validate organizations' security controls against these threats. The Qilin group was identified as responsible for over 900 exposures in 2025, followed by Akira with over 700 cases. Double-extortion tactics, involving data theft before encryption, are becoming increasingly common.