Ransomware and Cyber Threat Insights Q2 2025

This Technical Report presents an analysis of ransomware and cyber threats observed in the second quarter of 2025. The report outlines the methodology used to collect data from publicly available resources, emphasizing that the data has not been validated by alleged victims and may contain inaccuracies. It documents a 22.9% decrease in observed ransomware victims compared to the previous quarter, marking the largest reduction since tracking began. Despite this decline, there was a 43.3% increase in publicly claimed victims year-over-year. The report details the impact of various threat groups, including Qilin, Akira, and Play, on the ransomware landscape, noting their increased activity and the challenges they face. Additionally, it highlights trends in victim demographics, with the manufacturing sector being the most affected. The report concludes with a geographic breakdown of ransomware impacts, indicating that the United States remains the most targeted country. Overall, the findings suggest a complex and evolving ransomware ecosystem.