Decrease in Ransomware Assaults Observed in 2025

Decline in ransomware attacks during Q2 2025: discover the reasons behind the silent hackers.

, and Administrator

2025 August 29 . 9:06 AM

2 min read

Decline in Ransomware Attacks Observed in 2025

Decrease in Ransomware Assaults Observed in 2025

Ransomware activity continues to pose a significant and evolving threat, with new actors emerging and attacks persisting globally, particularly targeting critical sectors like healthcare, local governments, and education.

In Q2 2022, several major ransomware groups, including LockBit, 8Base, RansomHub, and BianLian, were dismantled by international task forces. However, these takedowns have not curbed the ransomware threat. On the contrary, the landscape has become more fragmented, unpredictable, and adaptive.

The US, Germany, Italy, and Brazil continue to be the countries with the most ransomware victims. Interestingly, some ransomware variants show a preference for specific regions. For instance, Akira targets Italian businesses, Safepay prefers German businesses, and Satanlock focuses on Brazilian businesses.

Some of these smaller groups operate for just a few weeks, carry out a single campaign, then vanish. New ransomware kits, like those from Global Group, are advertising "AI-powered negotiation tools," promising smarter, more targeted extortion strategies.

Other groups, like DragonForce or Safepay, are staying quiet, watching how things shake out before they make a move. The most active and resilient ransomware gang, LockBit, began to unravel in Q2 under global law enforcement pressure.

Ransomware tactics are evolving to include strategies that make victims sweat, such as threatening to leak sensitive data and causing fallout. Fewer attacks do not necessarily mean less danger; instead, it indicates a new phase in the ransomware landscape is taking shape.

The ransomware world has splintered with the departure of the big players, with smaller, more agile groups now running the show. Botnet activity surged by over 40% in 2024, severely impacting various industries and amplifying malicious campaigns. Healthcare has been particularly targeted, with 100% of healthcare sites reporting bot attacks in 2024.

Current trends suggest continued proliferation of sophisticated ransomware strains alongside complementary attack vectors like phishing and botnets. Greater targeting of critical infrastructure sectors, including healthcare, education, and government at local and regional levels, is also expected.

Increasing automation in attack methods, with botnets facilitating larger scale assaults, is a concerning development. The evolution of defensive strategies, including automated incident response and deception-based insider threat detection, is necessary to counter these threats.

In conclusion, the ransomware threat landscape remains active and dynamic post-2022 takedowns, with the decline of some groups offset by the rise of others, sustained high-profile attacks, and the integration of ransomware into broader cyberattack campaigns targeting critical systems globally.