✅ Report Title: Ransomware Landscape in H1 2025: Statistics and Key Issues
S2W Threat Intelligence Center, TALON, has published a detailed analysis report on ransomware group activity in the first half of 2025.
✅ Executive Summary:
- This report analyzes ransomware group activities that occurred in the first half of 2025 (January 1–June 30, 2025).
- The scope of analysis covers ransomware groups operating leak sites, as well as victim organizations whose data was published on those sites.
- In H1 2025, a total of 3,624 companies were listed on ransomware leak sites as victims of ransomware infections.
- Compared to the first half of 2024 (January 1–June 30, 2024), the number of victim companies increased by 1,336.
📌 Ransomware Group Activity
- A total of 91 ransomware groups were active in H1 2025, each targeting an average of approximately 40 companies.
- 51 newly emerging groups were observed; March recorded the highest count of new groups (13 in total).
📌 Ransomware Victims
- Large enterprises accounted for 3.8% of victims in H1 2025, down from 4.2% in the same period last year.
- The United States ranked first among the Top 10 most affected countries.
- Year-over-year, the U.S. saw the largest increase in victims, while the United Arab Emirates experienced the greatest decrease.
📌 Targeted Industries
- The Business Services sector experienced the highest number of ransomware attacks among the Top 10 most affected industries in H1 2025.
📌 Additional Insights
- Ransomware-related job postings increased by approximately 65.6% compared to H2 2024, with continuous growth from January to April 2025.
📌 Risk Assessment
- Based on S2W Threat Intelligence Center’s independent evaluation, the Top 5 highest-risk groups in H1 2025 are TA505, PLAY, Apos Security, Qilin, and El Dorado.
🧑💻 Author: S2W TALON
👉 Read the full report: https://bit.ly/4mmEjbp
📄 View the 2024 H2 Ransomware Report: https://bit.ly/4fI7x1V
*The full report is available upon request or with a subscription to the S2W platform.