Report by GuidePoint Security

GRIT Q2 2025 Ransomware & Cyber Threat Report

9 FINDINGSPublished Jul 10, 2025
View Original Report →

Key Findings

There was a 23% decline in publicly reported ransomware incidents in Q2 2025, which may indicate changing attacker patterns beyond seasonal norms.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
Ransomware

Qilin saw an 85% increase in activity, making it the most active threat group in Q2 2025.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
RansomwareQilin

The healthcare sector dropped out of the top five most targeted industries by ransomware for the first time since Q2 2022.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
RansomwareHealthcare

Ransomware victim numbers remain elevated year-over-year (+43%).

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
Ransomware

The number of active ransomware groups climbed from 45 in Q2 2024 to 71 in Q2 2025.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
Ransomware

There has been a 45% year-over-year rise in active ransomware groups.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
Ransomware

52% of observed ransomware victims in Q2 2025 were based in The United States.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
RansomwareUS

23% of observed ransomware victims in Q2 2025 were based in Singapore.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
RansomwareSingapore

5% of observed ransomware victims in Q2 2025 were based in Canada.

GuidePoint SecurityGRIT Q2 2025 Ransomware & Cyber Threat Report·Jul 10, 2025
RansomwareCanada