Skip to content
Grit Blog

2025 Shattered Records: Key Takeaways From the GRIT 2026 Ransomware & Cyber Threat Report

Posted by: Laura Babbili

2 min read

The highly-anticipated annual report from the GuidePoint Research & Intelligence Team (GRIT) just dropped. The GRIT 2026 Ransomware & Cyber Threat Report reveals that what initially started as a somewhat “average” year in terms of ransomware growth actually ended up shattering all records. The report details a 58% Year-over-Year (YoY) increase in the number of observed ransomware victims, claimed by a record-breaking 124 distinct named groups. Read on for key takeaways, or get the full report now.

A Record-Breaking Year for Ransomware

2025 demonstrated the staying power, breadth and adaptability of contemporary ransomware operations. While 2024 saw broad law enforcement disruption efforts, former mid-tier ransomware groups, such as Qilin and Akira, stepped in to fill the spots formerly filled by LockBit and Alphv, likely absorbing affiliates and increasing the scale of their operations in the process.

Other groups, such as RansomHub, obtained short-term successes only to be undone by internal deceit and infighting, with the associated affiliates similarly reorganizing under other groups.

Scale and Impact

In total, in 2025, GRIT observed:

  • 7,515 publicly posted ransomware victims (a 58% YoY increase)
  • 124 tracked ransomware groups (a 46% YoY increase)
  • An average of 20.6 victims per day 

Each quarter of 2025 outpaced the same quarter of the preceding year by observed victim volume. Q4 accounted for nearly a third of the year’s total victims.

AI, Innovation and Law Enforcement

As the report shows, GRIT continued to observe indications of threat actor adoption of AI/LLMs in their operations in 2025. However, concerns of super-affiliates deploying fully autonomous ransom-bots were, fortunately, overstated. AI/LLM usage remains rudimentary among less mature threat actors. Meanwhile, more sophisticated and experienced operators have prioritized finding new means and manners of incorporating AI. Their successes will almost certainly trickle down over time in the same way that vulnerability exploitation has for years. 

Optimistically, the report mentions growing international law enforcement collaboration and disruption efforts targeting not just ransomware, but cybercrime’s underlying support infrastructure as well. 

Get the Full Report

Inside the full report, you’ll discover detailed breakdowns of the most active threat groups, emerging attack vectors, industry-specific targeting trends, and actionable intelligence to strengthen your defense posture. Dive into the data, and use the insights to aid in your cybersecurity strategy. Download the full 2026 GRIT Ransomware and Cyber Threat Report today.

Categories: GRIT® Blog Security Awareness & Education
Tags:cybersecurityGRIT®ransomwareReport

Laura Babbili

Integrated Marketing Campaigns Manager,
GuidePoint Security

Laura Babbili is a cybersecurity marketer with a background leading integrated marketing campaigns that engage technical audiences and drive business impact. She has held roles at global companies including TikTok, Cisco, and IBM, where she developed and executed strategies around small business, cloud security, and IT infrastructure, respectively. She holds a bachelor’s degree in Journalism from the University of Northampton in the United Kingdom and is now based in Austin, Texas, where she lives with her husband, daughter, and dog.

Related Articles

View All

  • Incident Response & Threat Intelligence
GRIT 2025 Ransomware & Cyber Threat Report
Read More < 1 min read
  • GRIT® Blog
Unveiling the GRIT 2025 Ransomware and Cyber Threat Report
Posted by: GuidePoint Security
Read More < 1 min read
  • GRIT® Blog
GRIT’s 2025 Report: Post-Compromise Detection Strategies
Posted by: GuidePoint Security
Read More 2 min read