Skip to content

Ransomware Levels ‘Normalize’ Though Threat Group Activity Remains High: Report

Posted by: GuidePoint Security

< 1 min read

October 10, 2025 – Published on MES Computing

Ransomware victim levels have “normalized.” While the number of those victimized by ransomware decreased from Q1 to Q3 2025, the number of publicly named extortion groups has risen, according to a new report.

The report, published by cybersecurity solutions provider GuidePoint Security, collected data from “publicly available resources” and “threat group themselves,” the report researchers stated.

While ransomware victim volume has normalized since Q1 2025, the number of named — publicly known and tracked — ransomware groups continue to multiply at a 57 percent year-over-year increase, and with 77 known active groups in Q3, according to the report.

This normalization is due to “greater consolidation of skilled actors within prolific, established RaaS [Ransomware-as-a-Service] groups, while also an increase in low-skill or ephemeral groups on the scene,” the report researchers concluded.

“Q3 solidifies what we are recognizing as a ‘new normal’ baseline, but it is too soon to declare the problem of ransomware contained,” the report researchers said.

Read more HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRIT®ransomware

GuidePoint Security

Get the GRIT Q3 2025 Ransomware & Cyber Threat Report
Trends and threats from the past year, with insights to protect your organization.
Download Now

Related Articles

View All

  • Incident Response & Threat Intelligence
Get the GRIT Q3 2025 Ransomware & Cyber Threat Report
Read More < 1 min read
  • Incident Response & Threat Intelligence
GRIT Q3 2025 Ransomware & Cyber Threat Report Presentation
Read More < 1 min read
  • Incident Response & Threat Intelligence
The number of ransomware groups rockets as new, smaller players emerge
Read More < 1 min read