Ransomware groups listed a record 7,458 victims on dark web leak sites in 2025, representing a significant 30 percent increase compared to 2024.
A new report from Searchlight Cyber also tracks a record-breaking 93 active ransomware groups in H2 alone, with 2025 seeing the highest number of brand-new groups emerging on the dark web.
Qilin dominates the landscape as the most prolific group, marking a staggering 420 percent year-on-year increase in victims. The report tracks the formation of high-profile ‘supergroup’ collaborations, such as Scattered Lapsus$ Hunters, where threat actors pool specialized talents to scale their operations.
Artificial Intelligence is lowering the barrier to entry, allowing new groups to automate malware development and conduct hyper-personalized social engineering.
Luke Donovan, head of threat intelligence at Searchlight Cyber, says, “2025 was a record year for ransomware, driven by a professionalized ecosystem that remains devastatingly effective despite increased pressure from global law enforcement. While we saw a very slight dip in victim numbers in the second half of the year, this should not be interpreted as a victory. The landscape continues to fragment; large monolithic syndicates are fracturing into smaller, agile cells, and with the number of active groups at an all-time high, the threat landscape has become more complex and difficult to track than ever before.”
Searchlight’s analysis highlights that ‘Shadow Exposure’ in third-party software remains a critical vulnerability. Threat actors are increasingly weaponizing vulnerabilities in software supply chains faster than patch cycles can keep up.
The report emphasizes the necessity of preemptive approaches to defend against ransomware, detailing methods to combat the Initial Access Broker (IAB) ecosystem and identify sensitive data in third-party ransomware leak files before an attack is deployed.
“In the high-stakes game of ransomware in 2026, the only way to truly win is to ensure you aren’t an eligible target in the first place,” adds Donovan. “Offensive law enforcement operations are vital, but our data shows they cannot be the only solution. Organizations must adopt a preemptive strategy, maintaining visibility and mitigating exposures to neutralize threats before they escalate into full-blown attacks.”
The full report is available from the Searchlight site.
Image credit: Vchalup/Dreamstime.com
![what-nis2-implementation-means-for-enterprises-[q&a]](https://thetechbriefs.com/wp-content/uploads/2025/04/9521-what-nis2-implementation-means-for-enterprises-qa.jpg)