LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025

  • Global Ransomware Surges in 2025: Total ransomware attacks rose by 17.2% year-over-year, with LevelBlue SpiderLabs tracking approximately 7,400 incidents compared to 6,017 in 2024.
  • Qilin and Akira Lead the Threat Landscape: Following the disappearance of Ransomhub and the disruption of Lockbit3, Qilin emerged as the most prolific ransomware group, accounting for 12.5% of all tracked activity.
  • Manufacturing and Technology Under Fire: These two sectors became the primary targets for ransomware actors in 2025, while the United States remained the most targeted nation, absorbing over 41% of global attacks.

Ransomware attacks increased by 17.2% year-over-year in 2025, with the group Qilin dominating the threat landscape, according to data generated by the LevelBlue SpiderLabs team.

These attacks focused primarily on the manufacturing and technology sectors, with the US by far being the most targeted nation.

2025 continued the trend of yearly increases; however, over the last few years, the rate of attacks has somewhat slowed. In 2024, attacks increased only 11.4%, a far cry from the 70% and 74% increases tracked in 2023 and 2022, respectively.

LevelBlue SpiderLabs derived the information from its ransomware-tracking tool, which gathers data from a variety of open intelligence sources and its own proprietary research.

This unique combination of open-source and in-house research provides new insights into ransomware attack trends, the threat groups involved, and their primary targets. The data below is not all-inclusive but contains enough information to provide a consistent and reliable view of the general threat landscape.

2025 Ransomware Attacks at a Glance

As 2025 comes to an end, SpiderLabs has tracked about 7,400 attacks worldwide for this year, up from 6,017 in 2024.

In 2025, targets in the US absorbed about 3,100, or 41.6%, of all attacks, with Canada and Germany coming in a distant second and third with 337 (4.5%) and 300 (4%), respectively. The US share this year was relatively static compared to 2024, when it was the focus of a slightly higher share, 44.8%, of attacks. That year, the UK and Canada were second and third, each taking about 4.5% of the attacks launched.

Top Threat Groups for 2025

The pecking order of the most prolific ransomware groups underwent a major shift, with 2024’s two leaders plummeting to also-ran status.

Qilin and Akira, both ransomware-as-a-service (RaaS) groups, topped the 2025 list, displacing Ransomhub and Lockbit3, each of which plummeted from its former perch atop the most active ransomware group list.

Ransomhub, another RaaS operation, enjoyed a solid run in 2024 but mysteriously went dark in April 2025. There was no apparent law enforcement activity against the group, but after launching more than 600 attacks in 2024, it simply stopped operating. This paved the way for Qilin to take over.

Lockbit3’s demise can be traced to February 2024, when it was disrupted by Operation Cronos, an international law enforcement action involving 10 nations that resulted in Lockbit3’s website and infrastructure being infiltrated, taken over, and shut down. In addition, two arrests were made. The fact that Lockbit3 managed to launch in excess of 500 attacks in just a few months is a testament to the danger it posed to the world.


Top Vertical Sectors Targeted in 2025

In 2025, manufacturing and technology vied for the dubious honor of most attacked sector, with the former edging out the latter 11.7% to 11.5%. Healthcare, business services, and financial services rounded out the top five sectors attacked.

Last year, business services were by far the most targeted vertical sector, while manufacturing and technology were tied for second place, with each garnering 12.2% of the attacks. The final two sectors were healthcare and government.

SpiderLabs cannot always connect an attack with a specific category. In 2025, there were 2,405 unclassified attacks, 32.3%, while in 2024 this number was 717, or 11.9%.
