Ransomware Attacks Fall in Q2 as Ecosystem Reshuffles

July 11, 2025 – Published on The HIPAA Journal

New research from GuidePoint Security shows that ransomware attacks declined by 23% from the previous quarter, although they are up 43% on this time last year, with the dip only partially explained by normal seasonal variations. In Q2 of 2025, 1,591 new victims of ransomware attacks were posted publicly on data leak sites, at an average of 17.5 per day, compared to 22.9 per day in Q1 of 2025 and 12.2 per day in Q2 of 2024.

Compared to last year, Alphv/BlackCat – a major player in the ransomware ecosystem – has shut down, LockBit has been subject to law enforcement action, and there has been significant disruption to the RansomHub operation, all of which have contributed to the fragmentation of the ransomware ecosystem. Compared to last year, there are more small groups and lone wolves operating, who find it much easier to stay under the radar of law enforcement.

In Q2, 2024, there were 41 active ransomware groups, and 71 in Q2, 2025, according to the quarterly Ransomware & Cyber Threat Report from the GuidePoint Research and Intelligence Team (GRIT), a 45% year-over-year increase.

The United States is still the primary target for ransomware groups, accounting for 52% of attacks in the quarter, followed by Canada, Germany, and the United Kingdom. Healthcare organizations continue to be attractive targets for ransomware groups; however, the sector dropped to 5th spot for attacks.

Read More HERE.