GRF analysts recently completed the semiannual ransomware report covering the second half of 2025. The report series tracks attacks based on public sources and conversations of threat actors in closed forums. Analysts compiled data on 3,171 successful attacks. Some key findings:

• There has been a 31% increase in ransomware attacks from one year ago.

• In the second half of 2025, Manufacturing was again the most targeted industry with 590 victims. The next most targeted sector was Commercial Facilities with 463.

• This is the eighth report in a row in which Manufacturing has been the most targeted industry, and the fourth in which Commercial Facilities was second.

• Qilin was the most prolific actor with 583 successful attacks, a 40% increase in the number of attacks by the most prolific actor in the previous report.

• The United States was targeted by 52% of all ransomware attacks tracked by GRF analysts, with 19% directed at companies within the EU and UK.

• Initial Access Brokers have continued to be an integral part of actors’ process, and threat actors are increasingly using phishing kits to launch large scale attacks that enable ransomware operations. AI is also being integrated into tooling.