Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups
Ransomware victims surged in Q4 2025 despite fewer active extortion groups, with data leaks rising 50%, ReliaQuest researchers report

In the fourth quarter of 2025, the number of ransomware victims surged significantly despite a decline in the number of active extortion groups, according to a report by ReliaQuest researchers. This unexpected increase in ransomware incidents highlights the evolving tactics of cybercriminals and the challenges organizations face in safeguarding their data.
The report reveals that while the number of active ransomware groups has decreased, the impact of these groups has intensified. This could be due to several factors, including the increased sophistication of ransomware, the expansion of the groups' targeting strategies, and the growing reliance of organizations on digital infrastructure. The rise in ransomware attacks underscores the need for enhanced cybersecurity measures and proactive threat intelligence initiatives.
One of the most concerning trends highlighted in the report is the 50% increase in data leaks associated with ransomware incidents. This rise suggests that cybercriminals are not only encrypting data to demand ransoms but are also exploiting data leaks as a secondary revenue stream. Such leaks can lead to significant reputational damage and financial losses for victims, further incentivizing cybercriminals to adopt this strategy.
The decline in active extortion groups could be attributed to several factors, including improved law enforcement efforts, increased collaboration between cybersecurity firms and governments, and the emergence of more sophisticated detection and response mechanisms. However, the persistence of ransomware attacks indicates that cybercriminals are adapting their tactics to overcome these challenges.
Organizations are increasingly recognizing the importance of robust cybersecurity frameworks to mitigate ransomware risks. This includes investing in advanced threat detection systems, employee training programs, and regular vulnerability assessments. Additionally, the adoption of data backup and recovery solutions has become crucial to ensure business continuity in the event of a ransomware attack.
The surge in ransomware victims also highlights the need for a coordinated global response to combat this growing threat. International cooperation is essential to share intelligence, develop standardized defense strategies, and hold cybercriminals accountable. Governments and cybersecurity communities must work together to address the root causes of ransomware proliferation and support victims in recovering from these attacks.
In conclusion, the unexpected rise in ransomware victims despite fewer active extortion groups serves as a stark reminder of the ongoing challenges in the cybersecurity landscape. The increasing reliance on digital systems and the evolving tactics of cybercriminals necessitate a proactive and comprehensive approach to safeguarding data and combating ransomware threats. As the stakes continue to escalate, it is imperative for organizations, governments, and cybersecurity experts to collaborate and innovate to protect against these sophisticated attacks.










