GRF Releases 2025 Ransomware Report

Written By Pat McGlone

GRF analysts recently completed the semiannual ransomware report covering the first half of 2025. The report series tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 2,940 successful attacks. Some key findings:

  • Manufacturing was again the most targeted industry with 531 victims, a 69% increase from H2 2024. The next most targeted sector was Commercial Facilities with 459, a 50% increase from the last report.

  • This is the seventh report in a row in which Manufacturing has been the most targeted industry.

  • Cl0p was the most prolific actor with 415 successful attacks, followed by Akira with 261.

  • Roughly matching the previous report, the United States was targeted by 62% of all ransomware attacks tracked by GRF analysts, with 18% directed at companies within the EU and UK.

  • Re-extortion is becoming more common, Initial Access Brokers have become an integral part of actors’ process, and Endpoint Detection Killers are gaining popularity.


Read the full report: https://www.grf.org/ransomware-report

Pat McGlone
Next

GRF Publishes June Newsletter