Insights from the GRIT Q2 2025 Ransomware & Cyber Threat Report

Ransomware continues to escalate, driving a more fragmented and aggressive threat landscape. The GRIT Q2 2025 Ransomware & Cyber Threat Report reveals the latest shifts that security teams need to watch to stay ahead.

Snapshot of Key Findings

• More Groups, More Complexity:
  This quarter tracked 71 active ransomware groups, up 58% year-over-year from Q2 2024. The ecosystem is also fragmenting, with new ransomware groups surging 82%, rising from 11 in Q4 2024 to 20 in Q2 2025.
• Manufacturing in the Crosshairs:
  Manufacturing remained the most targeted sector, accounting for 200 ransomware victims (12.6%), a 44% increase YoY. Threat groups understand that the cost of downtime in this sector ripples through entire supply chains.
• DragonForce’s Rapid Rise:
  The DragonForce ransomware group continued its expansion, claiming over 120 global victims with a notable spike of 20 new victims in June alone, alongside ransom demands reaching $7 million.
• Law Enforcement Pushback:
  Global crackdowns intensified. Operation RapTor resulted in 270 arrests across 10 countries, disrupting major dark web markets, while the takedown of BreachForums removed a key hub for the trading of stolen data.

Why it Matters

Ransomware operators are evolving rapidly, adopting new tactics and exploiting opportunities created by fractured affiliate networks and weak security postures. As groups multiply and targets diversify, organizations face even greater pressure to shore up defenses, especially in high-risk industries like manufacturing.

This report provides the insights you need to adjust your security strategy, understand how threat actors are operating, and protect your organization against evolving ransomware risks.

Download the full report and get the intelligence to strengthen your defenses for the second half of 2025.