Ransomware 2025: Active Groups

Monitoring active RaaS (Ransomware-as-a-Service) groups and global victim logs.

Most Active Group

LockBit 4.0 (Evo)

Responsible for 22% of December attacks

Average Ransom Paid

$1.85 Million

Up 12% from Q3 2025

📉 Major 2025 Ransomware Incidents

Ransomware tactics have shifted this year toward "Triple Extortion": encrypting data, threatening to leak it, and DDoSing the victim's website, all at the same time.

| Target Entity | Ransomware Gang | Downtime | Outcome |
|---|---|---|---|
| Global Logistics Hub | Black Basta | 9 Days | Supply chain delay |
| Munich Health System | ALPHV / BlackCat | 14 Days | Patient rerouting |
| Tokyo Smart Grid | Akira | 4 Days | Partial blackout |
| Nordic Finance Group | Play | 21 Days | Data leak (4TB) |

How they get in: The 2025 Attack Vector

Data shows that 45% of 2025 ransomware entries occurred through unpatched VPN appliances and RDP (Remote Desktop Protocol) exposure. Once inside, groups are now using AI-automated scanning to find your backup servers within minutes.

🛡️ Defensive Checklist for December 2025

Technical Steps

  • Enable Immutable Backups.
  • Disable RDP on public IPs.
  • Apply emergency VPN patches.

Human Steps

  • Simulated Phishing tests.
  • Mandatory Hardware MFA.
  • Review Incident Response.
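
An added example, not part of the original page: a small audit for the "Disable RDP on public IPs" step, which flags inbound allow rules that let a public source reach port 3389. It assumes a hypothetical rule-export format (name, action, protocol, ports, source) with constructed sample rules, and treats any source not fully inside RFC 1918, loopback or IPv6 ULA space as public.

```python
import ipaddress

RDP_PORT = 3389
# Ranges treated as internal (RFC 1918, loopback, IPv6 ULA); anything else counts as public.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128")]

def is_public_source(cidr):
    """True if the CIDR is not fully contained in one internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def covers_rdp(ports):
    """Accepts 'any', a single port ('3389') or a range ('3000-4000')."""
    if ports in ("any", "*"):
        return True
    low, _, high = ports.partition("-")
    return int(low) <= RDP_PORT <= int(high or low)

def exposed_rdp_rules(rules):
    """Names of inbound allow rules that let a public source reach port 3389."""
    return [r["name"] for r in rules
            if r["action"] == "allow"
            and r["protocol"] in ("tcp", "udp", "any")   # RDP can use TCP and UDP 3389
            and covers_rdp(r["ports"])
            and is_public_source(r["source"])]

# Constructed sample rule export (hypothetical format, not from any real product).
SAMPLE_RULES = [
    {"name": "rdp-from-anywhere", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "0.0.0.0/0"},
    {"name": "rdp-from-jump-net", "action": "allow", "protocol": "tcp", "ports": "3389", "source": "10.20.0.0/24"},
    {"name": "wide-range-vendor", "action": "allow", "protocol": "any", "ports": "3000-4000", "source": "203.0.113.0/24"},
    {"name": "https-public", "action": "allow", "protocol": "tcp", "ports": "443", "source": "0.0.0.0/0"},
    {"name": "rdp-deny-v6", "action": "deny", "protocol": "tcp", "ports": "3389", "source": "::/0"},
    # A supernet that only partly overlaps 10.0.0.0/8 still admits public addresses.
    {"name": "rdp-mixed-supernet", "action": "allow", "protocol": "udp", "ports": "any", "source": "10.0.0.0/7"},
]

if __name__ == "__main__":
    for name in exposed_rdp_rules(SAMPLE_RULES):
        print("RDP reachable from public source:", name)
```

Wide port ranges and "any" rules are the ones most often missed in manual review, which is why the check tests range coverage rather than matching the literal port.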