The GRIT Q3 2025 report shows ransomware activity settling into a “new normal,” with approximately 1,500–1,600 publicly reported victims per quarter, even as the number of active extortion groups reached a record 77, up 57% year over year. While total victim counts plateaued, established RaaS groups such as Qilin, Akira, and IncRansom consolidated activity and increased impact, particularly against manufacturing, which saw a 26% QoQ rise in victims and remained the most targeted industry. The United States accounted for 56% of victims globally. Healthcare attacks increased in severity and consequence, highlighting elevated human risk. The report underscores ongoing law-enforcement disruption, rapid ransomware group rebranding, and structural weaknesses in criminal operations, concluding that ransomware remains entrenched, adaptive, and far from contained despite recent stabilization.

Join for free to read