Report by GuidePoint Security

GRIT Q3 2025 Ransomware & Cyber Threat Report

55 FINDINGSPublished Oct 9, 2025
View Original Report →

Key Findings

There were 1,576 total public posts related to ransomware victims (organizations and individuals) in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
Ransomware

SafePay impacted 71 organizations and individuals across 19 industries and 16 countries in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSafePay

In Q3 2025, manufacturing organizations experienced a 26% increase in ransomware attacks.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareManufacturing

Qilin recorded 234 victims (organizations and individuals) in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

56.00% of global ransomware victims (organizations and individuals) in Q3 2025 were from the United States.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareUS

Akira had 133 victims (organizations and individuals) in Q2 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkira

The emerging threat group 'The Gentlemen' posted 32 victims (organizations and individuals) on a single day once their data leak site went live in 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareThe Gentlement

2.35% of global ransomware victims (organizations and individuals) in Q3 2025 were from France.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareFrance

Qilin claimed 10 healthcare organizations as victims in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

GLOBAL and BlackLock had four distinct names in a little over a year.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareGLOBALBlackLock

IncRansom, SafePay, and Qilin together accounted for 30% of the 118 healthcare organizations that were victims in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareIncRansomSafePayQilin

There were 77 total ransomware groups active in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
Ransomware

2.79% of global ransomware victims (organizations and individuals) in Q3 2025 were from Canada.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareCanada

2.03% of global ransomware victims (organizations and individuals) in Q3 2025 were from Spain.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSpain

IncRansom had 71 victim claims (organizations and individuals) in Q1 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareIncRansom

IncRansom's Q3 2025 victim count was 126 organizations and individuals.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareIncRansom

Ransomware groups claimed 118 healthcare organizations as victims in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareHealthcare

In Q2 2025, ransomware attacks on healthcare organizations accounted for 5.8% of all ransomware attacks.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareHealthcare

During Q3 2025, Akira claimed one healthcare industry organization as a victim on their DLS.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkiraHealthcare

Toha personally profited over €7 million from trading malware, stolen data, and malicious access on his platform.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareToha

The average number of public posts related to ransomware victims (organizations and individuals) per week in Q3 2025 was 121.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
Ransomware

GRIT observed 14 publicly disclosed ransomware attacks against state agencies, counties, and municipalities in Florida since July 2022.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareState agencies

3.81% of global ransomware victims (organizations and individuals) in Q3 2025 were from the United Kingdom.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareUK

2.48% of global ransomware victims (organizations and individuals) in Q3 2025 were from the Republic of Korea.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareRepublic of Korea

Rhysida has claimed over 200 organizations and individuals as victims to their dark web DLS.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareRhysida

The 'The Gentlemen' group claimed 38 total victims (organizations and individuals) across the month of September 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareThe Gentlement

4.89% of global ransomware victims (organizations and individuals) in Q3 2025 were from Germany.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareGermany

IncRansom had 62 victim claims (organizations and individuals) in Q2 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareIncRansom

The average number of ransomware groups posting victim data per week in Q3 2025 was 25.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareData leak

There were 252 publicly claimed manufacturing organizations that were victims of ransomware attacks in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareManufacturing

Akira's victim count in Q3 is 212% higher than the same period in 2024.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkira

10% to 15% of revenue was offered as a split for the core operator within the RaaS ecosystem.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareRaaS

The United States accounted for 52.1% of global ransomware victims (organizations and individuals) in the prior quarter (Q2 2025).

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareUS

IncRansom claimed 14 healthcare organizations as victims in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareIncRansom

Akira experienced a single day spike of 20 claimed victims (organizations and individuals) on August 11th 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkira

Qilin's 234 victims comprised 15% of the total ransomware victims (organizations and individuals) for Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

Akira is among the top 3 ransomware outfits that impact organizations within the Technology vertical.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareTechnologyAkira

2.60% of global ransomware victims (organizations and individuals) in Q3 2025 were from Italy.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareItaly

1.46% of global ransomware victims (organizations and individuals) in Q3 2025 were from Brazil.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareBrazil

Ransomware attacks on healthcare organizations accounted for 7.5% of all ransomware attacks in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareHealthcare

One individual's death was directly tied to the Qilin ransomware attack on Synnovis in June 2024.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

1.33% of global ransomware victims (organizations and individuals) in Q3 2025 were from Australia.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAustralia

Qilin's victim count was 234 organizations and individuals.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

There were 200 publicly claimed manufacturing organizations that were victims of ransomware attacks in Q2 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareManufacturing

22.29% of global ransomware victims (organizations and individuals) in Q3 2025 were from all other countries not specifically listed.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
Ransomware

Akira had 150 victims (organizations and individuals) in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkira

Akira demonstrated a rise in activity with 13% more victims (organizations and individuals) in Q3 compared to Q2.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareAkira

SafePay impacted 111 organizations and individuals spread across 27 industries and 18 countries in Q2 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSafePay

Qilin's activity marks a 318% YoY increase.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

The Qilin campaign claimed 29 financial organizations headquartered in the Republic of Korea as victims to their DLS in a mid-September Qilin campaign.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilinFinancial sectorRepublic of Korea

Qilin claimed 56 victims (organizations and individuals) in Q3 2024.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareQilin

There was a 36% decrease in SafePay's impact on organizations and individuals quarter-over-quarter.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSafePay

SafePay claims a year-to-date total impact of 258 organizations and individuals across 29 distinct industries and 30 countries.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSafePay

In Q2 2025, there were 92 reports of ransomware attacks on healthcare organizations.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareHealthcare

SafePay claimed 11 healthcare organizations as victims in Q3 2025.

GuidePoint SecurityGRIT Q3 2025 Ransomware & Cyber Threat Report·Oct 9, 2025
RansomwareSafePay