Q3 2025 Ransomware Research Report

The third quarter of 2025 had a total of 1,529 ransomware attacks recorded between June 1st and September 30th.

We have released the Q3 2025 Ransomware Research report. 1,529 ransomware attacks were recorded in Q3 2025, a 2.7% increase from the previous quarter.

This report dives into how ransomware operations are a thriving industry. Providing insights into the number of attacks per group and the number of active groups, tracking trends starting in Q1 2023.

To get the full depth of insights, download the Q3 2025 Ransomware Research Report today.

Report insights include: 

  • Five groups: Qilin, Akira, INC Ransom, Play, and DragonForce, accounted for over 40% of all activity.
  • Manufacturing was the most targeted sector last quarter.
  • SharePoint exploits and OAuth abuse emerged as dominant initial access methods.
  • Ransomware attacks rose to 1,529 in Q3 2025, up 2.7% from the previous quarter.

The CyberMaxx team of cyber researchers conducts routine threat research independent of client engagements. The purpose of our research is to help foster collective intelligence among the cybersecurity community.

While conducting their research, the team discovers and analyzes ongoing ransomware attacks occurring in the wild.