Table of Contents
Linthicum Heights, MD – February 6th, 2026 – CyberMaxx, the leading managed detection and response (MDR) provider, released its Quarterly Ransomware Research Report today. The report reveals that Q4 2025 saw a rise in attacks from Q3 and that 2025 overall saw an increase in attacks compared to 2024.
The total number of ransomware attacks in 2025 rose to 7,884, up from 7,041 in 2024, representing a 12% year-over-year increase. High attack volumes persisted despite quarterly fluctuations.
According to CyberMaxx research, there were 2,406 total attacks in Q4 2025 (October – December), a significant increase from Q3 2025 (July – September), which saw 1,529 total attacks. This rebound is comparable to Q4 2024 (2,358 attacks), reflecting year-end budget pressures and operational strain.
A small number of ransomware groups remained responsible for a disproportionate share of activity. Despite a higher number of attacks, Q4 saw only 71 active groups, down from 77 in Q3. This pattern indicates consolidation, with larger groups succeeding while smaller groups struggled or dropped off.
Qilin, Akira, and Sinobi were the leading ransomware groups in Q4 2025, with each demonstrating a different success model. Qilin leads through large-scale, high-volume attacks backed by mature infrastructure. Akira stays effective through consistent targeting of common enterprise weaknesses. Sinobi has grown steadily by focusing on high-impact industries, especially in late 2025.
Manufacturing remains the most targeted sector, driven by operational technology dependencies and low tolerance for downtime. Technology and healthcare continue to face sustained pressure due to data sensitivity and operational criticality.
Ransomware activity is global but highly concentrated. The United States accounted for about 40% of attacks in Q4 and across 2025, far ahead of other countries. Canada and Germany followed at 4% and 3%, with the UK, France, and parts of APAC and LATAM forming a second tier. Overall, attacks continue to focus on highly digitized, economically developed regions.
In 2025, U.S. breach costs rose to $10.22M, well above the global average of under $5M. Average ransomware recovery costs dropped to $1.53M, reflecting improved operational resilience. However, total legal, regulatory, and reputational costs remain much higher.
Finally, it’s clear that AI is also helping attackers scale operations, increasing attack volumes and group turnover. However, it has not replaced skilled operators, as key decisions and the development of exploits remain human-led.
CyberMaxx’s cyber research team regularly investigates threats independently. These efforts aim to build shared knowledge across the cybersecurity community.
Access the full Ransomware Research Report here: Q4 2025 Ransomware Research Report
About CyberMaxx
CyberMaxx provides comprehensive managed detection and response (MDR) services that protect organizations from today’s complex cyber threats. With a focus on proactive security measures, CyberMaxx delivers industry-leading technology combined with expert human oversight, offering robust protection and peace of mind to clients across various industries. For more information about CyberMaxx’s Modern Managed Detection & Response (MDR), visit www.CyberMaxx.com
Media Contact
John Pinkham
E: jpinkham@cybermaxx.com
M: 781-801-5352
