Ransomware by the Numbers: Victim and Group Count Surges
January 15, 2026 – Published on DataBreachToday
Upheaval in the ransomware underground hasn’t translated into fewer victims or digital extortion groups ready to launch new attacks.
In fact, the opposite has occurred: more victims, and more cybercriminal groups unleashing crypto-locking software, according to independent analyses of the last 12 months in ransomware activity.
The nearly 125 ransomware groups active last year posted a declining number of victims across their data-leak sites from the second quarter to the third, says a Thursday report from GuidePoint Security. But that trend didn’t hold. “Ransomware activity resurged throughout most of Q4 2025 with record-breaking numbers closing out a record-breaking year,” with the majority of victims continuing to hail from the United States, it said.
As in 2024, victims listed on groups’ sites most often hailed from these four sectors: manufacturing, technology, retail and wholesale, and healthcare, GuidePoint reported. “These industries are more likely to experience financial or operational losses from ransomware’s impacts on networks, and to hold high-value or particularly sensitive data,” including personal and other health data, which adds pressure on these victims to pay.
Read More HERE.