Ransomware Groups Multiply as Attack Surface Rapidly Expands, GuidePoint Security Finds

July 10, 2025 – Published on VMblog

GuidePoint Security announced the release of its quarterly Ransomware & Cyber Threat Report from the GuidePoint Research and Intelligence Team (GRIT).

Covering the second quarter of 2025, the new GRIT Q2 2025 Ransomware & Cyber Threat Report offers exclusive in-depth analysis of the evolving Ransomware as a Service (RaaS) ecosystem, threat actor behaviors and emerging cybercrime trends-including a 45% year-over-year increase in the number of active ransomware groups.

“While law enforcement’s disruption of dominant groups like LockBit, AlphV and BreachForums has dealt significant blows to cybercriminal networks, the sharp year-over-year rise in active ransomware groups makes it clear that a significant threat remains,” said Justin Timothy, Principal Threat Intelligence Analyst at GuidePoint Security. “Unfortunately, the quarterly slowdown in publicly reported ransomware incidents appears to stem from more temporary headwinds, such as seasonality, fragmentation and strategic regrouping within the RaaS ecosystem. As groups like Qilin, Akira and Play continue to gain ground, defenders must remain vigilant and prepare for what’s next.”

The Q2 2025 Ransomware & Cyber Threat Report also investigates Iranian cyber threat activity, the growing momentum of the RaaS group DragonForce and law enforcement’s impact on Lumma Stealer, a prolific information-stealing malware favored by cyber criminals.

Read More HERE.