
Takedowns and arrests didn't slow down ransomware in 2025

News. By Sead Fadilpašić, published 9 January 2026

Despite the police's best efforts, ransomware continues to rise


  • Ransomware victims rose from ~5,400 in 2023 to 8,000+ in 2025, a 53–63% increase
  • Major groups like RansomHub, BianLian, and Hunters International shut down, but overall numbers grew
  • Active groups surged to 126–141, with Qilin, Cl0p, Play, and INC Ransom leading attacks

Despite the police’s best efforts to rid the world of ransomware, not much changed in 2025, and the infamous cybercriminal practice continued on its upward trajectory.

This is according to “The State of Ransomware in the US: Report and Statistics 2025”, a new report published by security researchers Emsisoft.

Based on data from two separate sources - RansomLook.io and Ransomware.live - collected between 2023 and 2025, Emsisoft determined that some of the biggest players were either disrupted by law enforcement or shut down on their own. That did little to slow down the attacks, however.


The disappearance of giants

“Since 2023, the number of globally claimed victims has increased from approximately 5400 annually to over 8000 in 2025,” the report states.

“Double digit annual growth has led to 2023/2025 increases of between 53% (using Ransomware.live data) and 63% (RansomLook.io data).” Emsisoft also added that the actual numbers are likely significantly higher, since only a minority of incidents get reported and tracked.

At the same time, some of the groups seen as the biggest threats were shut down or disappeared last year. These include RansomHub (which breached Kawasaki Motors Europe, Planned Parenthood, and Manpower), BianLian (Boston’s Children’s Health Physicians, Mizuno USA, Northern Minerals), and Hunters International (Tata Technologies, Dell), as well as many others: Babuk-Bjorka, FunkSec, 8Base, and Cactus.

In absolute terms, however, the number of ransomware groups actually grew: as the number of victims rose, so did the number of attackers. The data shows around 70 active groups in 2023, rising to between 126 and 141 in 2025.


Qilin, Akira, Cl0p, Play, Safepay, and INC Ransom seem to be the most active groups this year, pushing out older heavy hitters such as LockBit, ALPHV (now shut down), 8Base, or Akira.

“The disappearance of successful groups often results in open competition to attract the most productive affiliates,” Emsisoft concludes. “We can hold out hope that although victim counts continue to increase, the pressure being applied by international law enforcement activity does appear to be having an impact on the criminal gangs.”


Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
