Ransomware Volume Drops Even As Number Of Active Groups Surges: GuidePoint Security

July 10, 2025 – Published on CRN

Ransomware victim volume declined markedly in the second quarter of 2025 though the field of active threat groups continued to expand — suggesting the decrease in attacks may be short-lived, according to GuidePoint Security research.

The report released Thursday by Reston, Va.-based GuidePoint Security shows that the number of observed victims — those claimed by cybercriminal group blogs and leak sites — fell 22.9 percent during the second quarter, compared to the first quarter of 2025.

That represents the largest quarter-over-quarter drop in attacks ever tracked by the GuidePoint Research and Intelligence Team (GRIT) — well above the 10 to 15 percent drop typically seen during the second quarter and start of the summer months.

Over time, though, the number of active ransomware groups tends to be the main driver of victim volume, GuidePoint noted in its report. And in that regard, the news is not as positive: The number of active ransomware groups has been “increasing year-over-year and quarter-over-quarter,” said Jason Baker, threat intelligence consultant at GuidePoint, No. 37 on CRN’s Solution Provider 500 for 2025.

During the second quarter of the year, the total number of active threat groups surged to 71, according to the GRIT report. That represented a 58-percent increase from the 45 active groups known during the same period a year earlier, and up from 69 during the first quarter.

Read More HERE.