{"id":43766,"date":"2026-02-19T00:17:57","date_gmt":"2026-02-18T16:17:57","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/19\/record-number-of-ransomware-victims-and-groups-in-2025-infosecurity-magazine\/"},"modified":"2026-02-19T00:17:57","modified_gmt":"2026-02-18T16:17:57","slug":"record-number-of-ransomware-victims-and-groups-in-2025-infosecurity-magazine","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/02\/19\/record-number-of-ransomware-victims-and-groups-in-2025-infosecurity-magazine\/","title":{"rendered":"Record Number of Ransomware Victims and Groups in 2025 &#8211; Infosecurity Magazine"},"content":{"rendered":"<p>Security researchers observed a 30% annual increase in ransomware victims listed on extortion sites last year, with AI helping to lower the barrier to entry for new threat groups.<\/p>\n<p>Searchlight Cyber&#39;s&nbsp;new report, <em>Ransomware&rsquo;s Record Year: Tracking a Volatile Landscape in H2 2025<\/em>, tracked 7458 victims on dark web leak sites in 2025.<\/p>\n<p>These numbers were split virtually 50:50 between the first and second half of the year. To put the annual growth figure in perspective, victim numbers increased by just 13% between 2023 and 2024.<\/p>\n<p>At the same time, the number of ransomware groups hit a new high of 124, with 73 new groups identified in 2025.<\/p>\n<p>Although Searchlight Cyber describes these as &ldquo;record&rdquo; highs, it has only been tracking the market since 2023.<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/active-ransomware-groups-surge\/\" target=\"_blank\"><em>Read more on ransomware: Active Ransomware Groups Surge by 56% in 2024.<\/em><\/a><\/p>\n<p>It remains to be seen whether these victim numbers translate into a bigger windfall for threat actors.<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/ransomware-payments-decline\/\" target=\"_blank\">Chainalysis data for 2024 revealed<\/a> that payments to ransomware groups fell 35% annually in 2024 as victims increasingly refused to cave in to extortionists&rsquo; demands. That&rsquo;s despite an increase in reported ransomware &ldquo;events.&rdquo;<\/p>\n<p>It&rsquo;s unlikely that this general trend changed in 2025.<\/p>\n<h2><strong>AI as a Force Multiplier<\/strong><\/h2>\n<p>That said, there are signs that technological advances are helping adversaries.<\/p>\n<p>Searchlight Cyber claimed that AI is already lowering the barrier to entry for non-specialist groups, by assisting with social engineering, analysis of exfiltrated data, and even ransomware negotiations.<\/p>\n<p>The coders behind the main variants are also using AI tools to refine and adapt their code in order to bypass security defenses, the report claimed.<\/p>\n<p>Searchlight Cyber <a href=\"https:\/\/slcyber.io\/whitepapers-reports\/the-ransomware-landscape-in-h2-2025\/?_gl=1*u5kb29*_up*MQ..*_ga*MTg5MDM5MTc3OS4xNzcxNDA4NDAx*_ga_L2EH29MHLE*czE3NzE0MDg0MDAkbzEkZzAkdDE3NzE0MDg0MDAkajYwJGwwJGg3NzgyNTcxODI.\" target=\"_blank\">explained <\/a>that the main causes of ransomware breaches which organizations must focus on are:<\/p>\n<ul>\n<li>Insider threats, including current and former employees, contractors and partners<\/li>\n<li>Process failures, such as inadequate patching, missing multi-factor authentication (MFA), poor log management, and lack of employee security awareness training<\/li>\n<li>Compromise of legitimate accounts using phishing, brute-force attacks, or credential stuffing<\/li>\n<li>Exploits of known and unknown vulnerabilities for initial access<\/li>\n<li>Initial access brokers (IABs) that pounce on remote desktop protocol (RDP) vulnerabilities, compromised virtual private network (VPN) accounts, and unpatched internet-facing servers<\/li>\n<\/ul>\n<p>Searchlight Cyber head of threat intelligence, Luke Donovan, claimed the ransomware ecosystem remains highly professionalized and effective, despite law enforcement disruption.<\/p>\n<p>&ldquo;While we saw a very slight dip in victim numbers in the second half of the year, this should not be interpreted as a victory,&rdquo; he added. &ldquo;The landscape continues to fragment; large monolithic syndicates are fracturing into smaller, agile cells, and with the number of active groups at an all-time high, the threat landscape has become more complex and difficult to track than ever before.&quot;<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers observed a 30% annual increase in  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-43766","post","type-post","status-publish","format-standard","hentry","category--infosecurity-magazine"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=43766"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/43766\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=43766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=43766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=43766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}