{"id":126893,"date":"2025-12-05T09:10:01","date_gmt":"2025-12-05T01:10:01","guid":{"rendered":"https:\/\/v2catalog.com\/?p=126893"},"modified":"2025-12-05T09:10:01","modified_gmt":"2025-12-05T01:10:01","slug":"research-ransomware-isnt-slowing-down-in-q3-2025","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2025\/12\/research-ransomware-isnt-slowing-down-in-q3-2025\/","title":{"rendered":"Research: Ransomware isn\u2019t slowing down in Q3 2025"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"126893\" class=\"elementor elementor-126893\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-71ae5294 post-content elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"71ae5294\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4a899f&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot
;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1e9119cd\" data-id=\"1e9119cd\" data-element_type=\"column\" data-e-type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9ccd5b0 elementor-widget elementor-widget-html\" data-id=\"9ccd5b0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<style>\nh2 {\nborder-left: 6px solid #b6e3d4;\npadding-left: 20px;\ncolor: #33a7b5;\n}\nsection {\nmargin-bottom:50px;\n}\n\n<\/style>\n    <section style=\"width:65%; margin: 0 auto 50px auto ; background-color: #ececec; padding:30px;\"> \n    <img decoding=\"async\" src=\"https:\/\/v2catalog.com\/wp-content\/uploads\/2025\/12\/ansomware-statistics-2025-q3.png\" style=\"margin-bottom: 30px;\">\n        <p><strong>Summary:<\/strong> Through the third quarter of 2025, ransomware attacks surged by 47%, with US organizations and small to medium-sized businesses remaining the primary targets.<\/p>\n    <\/section>\n    <section>\n        <p>Our analysis this quarter reveals a continued growth in ransomware incidents. Between January and September 2025, <strong>6,330 cases were exposed on the dark web\u2014a 47% increase<\/strong> from the 4,293 cases recorded during the same period last year. 
As in the previous quarter, US organizations and small to medium-sized businesses (SMBs) remained the primary targets.<\/p>\n        <p>So, what drove this increase, who\u2019s responsible for the majority of these attacks, and how can you prevent them? Let\u2019s make sense of these ransomware statistics.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Methodology<\/h2>\n        <p>We continuously monitor over 200 blogs operated by ransomware groups. The ransomware data available on these blogs typically includes the names of the attacked companies, descriptions of the incidents, and sometimes samples of the stolen files to prove the legitimacy of the attack. These groups publish their victims\u2019 names as a tactic to pressure them into paying the ransom. They often include a countdown timer, after which they threaten to leak the stolen data if the ransom is not paid.<\/p>\n        <p>Once a company is identified from a ransomware listing, we conduct further research to gather firmographic data. While the total number of 1,943 ransomware attacks in Q3 2025 is accurate, the figures presented in each category (industry, company size, and country) may be slightly higher due to a smaller sample size. This is because some incidents were missing the data needed for categorization and were omitted.<\/p>\n        <p>We use various publicly accessible business data sources to identify general organizational attributes, such as industry, geographic region, size, and revenue bracket, using the company name and domain.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Ransomware Statistics Unpacked: Why Did the Ransomware Attack Numbers Go Up?<\/h2>\n        <p><strong>Ransomware<\/strong> is malicious software that restricts access to a computer system or data by encrypting files or locking systems, holding them hostage for a ransom. It\u2019s often distributed via email phishing, social engineering, malvertising, and exploit kits. 
Cybercriminals then threaten to publish the company's data if the ransom isn\u2019t paid on time.<\/p>\n        <p>Unfortunately, attackers won\u2019t necessarily hand over the decryption key to restore access even after the ransom is paid. Often, the systems or files will stay locked for a second ransom, leaving companies to suffer dire consequences\u2014financial, reputational, and legal.<\/p>\n        <p>These attacks are one of the main cyber threats. The continued rise in incidents shows that ransomware is still effective and highly profitable, incentivizing cybercriminals to ramp up activity. In short, ransomware trends show these threats are here to stay.<\/p>\n        <p>According to Vakaris Noreika, cybersecurity expert at NordStellar, there are several reasons for the surge in ransomware activity. One is most likely the increase in ransomware-as-a-service (RaaS)\u2014a business model providing malicious software and infrastructure for others to carry out attacks. It allows cybercriminals to scale their attacks and has lowered the entry barrier for bad actors.<\/p>\n        <p>Another key factor is the record-high number of active ransomware groups. Noreika explains that this number has been rising for five years, noting that in September alone, NordStellar attributed incidents to 66 different groups.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Main Targets of Ransomware in 2025 Q3<\/h2>\n        <p>In this section of the ransomware report, let\u2019s take a closer look at the targets and break them down by country, industry and business size.<\/p>\n\n        <h3>By Country<\/h3>\n        <p>Firstly, let's examine the countries that were targeted. 
From July to September 2025, <strong>1,943 ransomware incidents<\/strong> were exposed on the dark web, a <strong>31% increase<\/strong> compared to the same period in 2024 (1,484 cases).<\/p>\n        <p>Of the 1,274 ransomware cases that could be traced to specific victim countries, US businesses took the most brutal hit, accounting for 54% of cases (686 incidents). Canada was the second most affected country, with 62 cases, followed closely by Germany (60), the United Kingdom (54), and France (35).<\/p>\n        <p>According to Noreika, the findings are consistent with what we have seen all year: \"The US is home to numerous profitable public businesses, and this, coupled with strict regulations, makes these companies a higher-profile target for cyber-attacks. Their potential for high profitability, combined with a higher likelihood of meeting ransomware demands to resolve incidents quickly, increases the chances of success for attackers.\"<\/p>\n\n        <h3>By Industry<\/h3>\n        <p>When analyzing ransomware statistics by industry, data from July to September 2025 revealed that <strong>the manufacturing industry was most affected, with 245 recorded cases<\/strong>, mirroring the results of the previous quarters. Other significantly impacted sectors included professional, scientific, and technical services with 107 ransomware incidents, information technology with 103, construction with 91, and financial services with 88.<\/p>\n        <p>\"Companies operating in the manufacturing industry experience high operational downtime costs, making them more inclined to give in to ransomware demands to resolve the incident as soon as possible. 
They also often rely on outdated or unpatched software and systems and are more likely to experience supply chain vulnerabilities due to reliance on third-party vendors, partners, and logistics providers,\" says Noreika.<\/p>\n        <p>Noreika also explains that companies in the professional, scientific, and technical services industry often work with confidential customer data, intellectual property, and critical business tools, making them an attractive target for ransomware actors. He adds that businesses in the information technology industry are targeted because they handle large volumes of valuable data and are key components of the supply chain. This means that attacking them can spread ransomware to multiple businesses simultaneously.<\/p>\n\n        <h3>By Business Size<\/h3>\n        <p>Ransomware data from the third quarter of 2025 revealed that <strong>SMBs were the prime targets<\/strong>. Specifically, organizations with 51\u2013200 employees and revenues between $5 million and $25 million experienced the most attacks.<\/p>\n        <p>\"Ransomware actors usually perceive smaller businesses as lower-risk targets because they might lack a sophisticated IT infrastructure, operate on low cybersecurity budgets, and not have the means to investigate or report attacks to authorities,\" says Noreika.<\/p>\n        <p>He adds that companies with smaller revenues may also be more likely to meet attackers' demands, since the cost of downtime, data loss, or reputational damage from a full-blown ransomware attack could devastate the business financially. 
As a result, many of them could view paying the ransom as the only option, making them a more attractive target for ransomware attackers.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Veteran Ransomware Groups Dominate the 2025 Threat Landscape<\/h2>\n        <p><strong>Qilin<\/strong> was responsible for the most attacks in Q3 2025, with 241 ransomware incidents, and continues to hold the number one spot from the previous quarter. It\u2019s a Russia-linked RaaS criminal operation that works with affiliates to encrypt and exfiltrate data from the victim companies and appears.<\/p>\n        <p><strong>Akira<\/strong> holds the second spot with 190 ransomware incidents, followed closely by INC Ransom, another ransomware group, with 146 incidents. Then follows Play with 102 incidents, and Safepay with 92.<\/p>\n        <p>\"Qilin, Akira, and Play are more experienced players, active from 2022-2023, and are known for their double extortion models and large victim scope. They are also more likely to keep their operations in-house, without utilizing or offering RaaS,\" says Noreika. \"Safepay is the youngest group, first detected in the fall of last year, yet has consistently been among the top perpetrators this year. INC Ransom was first discovered in late 2023 and is generally lesser-known. However, they have also been quite consistent with their attacks this year.\"<\/p>\n        <p>According to Noreika, ransomware groups are highly organized. He explains that business leaders are not always fully aware of the danger they pose. For example, these groups often seek out top talent in cybersecurity or might even recruit insiders to carry out a targeted attack against an organization, making them a threat that companies cannot afford to underestimate.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Building a Ransomware-Resistant Business<\/h2>\n        <p>With the persistence of ransomware attack trends, it's clear that this threat is here to stay. 
So, what can you do to <strong>protect your business<\/strong> from it?<\/p>\n        <p>First and foremost, your employees are the first line of defense against ransomware. Cybersecurity training on phishing scams, the importance of multi-factor authentication, and password management is essential to minimize the risk of bad actors gaining access to sensitive data or infiltrating the network.<\/p>\n        <p>\"Another important factor is monitoring and addressing unknown cybersecurity gaps. With more businesses embracing hybrid or remote work models, introducing unmanaged devices and relying on third-party vendors, the attack surface is expanding, and any endpoint can be exploited,\" says Noreika.<\/p>\n        <p>To stay ahead of attackers, he advises companies to monitor for external vulnerabilities before they are exploited, as well as any potential data leaks on the dark web, to minimize the possibility of a more sophisticated attack. Noreika emphasizes that recovery plans and backing up critical data are among the essential steps to reduce the impact of a potential ransomware incident.<\/p>\n    <\/section>\n\n    <section>\n        <h2>Previous Research Data<\/h2>\n        <p>Here you can find the main ransomware attack data from the previous quarters.<\/p>\n        \n        <h3>Q2: Ransomware attacks spike by 49% in the first half of 2025<\/h3>\n        <p>The number of ransomware attacks surged by 49% in the first half of 2025 compared to the same period in 2024. In total, 4,198 cases were exposed on the dark web between January and June 2025.<\/p>\n        \n        <h4>Main ransomware targets:<\/h4>\n        <ul>\n            <li><strong>By Country:<\/strong> The <strong>United States<\/strong> was the most targeted nation by a large margin, accounting for <strong>49%<\/strong> (596 incidents) of all attacks. 
This is attributed to its high concentration of profitable businesses and strict compliance laws that pressure companies to resolve incidents quickly.<\/li>\n            <li><strong>By Industry:<\/strong> The <strong>manufacturing sector<\/strong> is the most affected industry, with 229 recorded cases, often due to decentralized security and reliance on outdated, unpatched systems.<\/li>\n            <li><strong>By Business Size:<\/strong> <strong>Small to medium-sized businesses (SMBs)<\/strong> are the prime targets. These organizations often have limited cybersecurity budgets and rely on third-party IT providers, making them more vulnerable.<\/li>\n        <\/ul>\n        \n        <h4>Who was responsible for the attacks:<\/h4>\n        <ul>\n            <li><strong>Qilin:<\/strong> This Russia-linked RaaS group was the most prolific, responsible for <strong>214<\/strong> incidents.<\/li>\n            <li><strong>Safepay:<\/strong> A relatively new group (first detected in late 2024), it was the second most active with <strong>201<\/strong> incidents.<\/li>\n            <li><strong>Akira:<\/strong> This group came in third with <strong>200<\/strong> recorded incidents.<\/li>\n        <\/ul>\n    <\/section>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1a1b0f4 elementor-widget elementor-widget-shortcode\" data-id=\"1a1b0f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"103071\" class=\"elementor elementor-103071\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6ba5c224 elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"6ba5c224\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2e4bca01\" data-id=\"2e4bca01\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7d983173 elementor-widget elementor-widget-image-box\" data-id=\"7d983173\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About NordStellar<\/h3><p class=\"elementor-image-box-description\">NordStellar is a threat exposure management platform that enables enterprises to detect and respond to network threats before they escalate. As a platform and API provider, NordStellar can provide insight into threat actors\u2019 activities and their handling of compromised data. It is designed by Nord Security, the company renowned for its globally acclaimed digital privacy tool NordVPN.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" 
data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>2025-12-05 &nbsp; Ransomware attacks surged 47% through Q3 2025, reaching 6,330 cases. The US, SMBs, and the manufacturing sector remain the top targets. 
This rise is fueled by Ransomware-as-a-Service (RaaS) and led by groups like Qilin, emphasizing the need for stronger employee training and data backup.<\/p>","protected":false},"author":149011791,"featured_media":126907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1305,1306,61],"tags":[1077,1307],"class_list":["post-126893","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-1305","category-nordstellar","category-press-release","tag-1077","tag-nordstellar"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 2\" \/>\n<meta property=\"og:description\" content=\"2025-12-05 &nbsp; Ransomware attacks surged 47% through Q3 2025, reaching 6,330 cases. The US, SMBs, and the manufacturing sector remain the top targets. 
This rise is fueled by Ransomware-as-a-Service (RaaS) and led by groups like Qilin, emphasizing the need for stronger employee training and data backup.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-05T01:10:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"250\" \/>\n\t<meta property=\"og:image:height\" content=\"70\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ericav2\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ericav2\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/12\\\/research-ransomware-isnt-slowing-down-in-q3-2025\\\/\"},\"author\":{\"name\":\"ericav2\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/47b5538f057952e0f25c791e955659e7\"},\"headline\":\"Research: Ransomware isn\u2019t slowing down in Q3 
2025\",\"datePublished\":\"2025-12-05T01:10:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/12\\\/research-ransomware-isnt-slowing-down-in-q3-2025\\\/\"},\"wordCount\":1602,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"keywords\":[\"2025\",\"Nordstellar\"],\"articleSection\":[\"2025\",\"Nordstellar\",\"Press Release\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2025\\\/12\\\/research-ransomware-isnt-slowing-down-in-q3-2025\\\/\",\"url\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/\",\"name\":\"Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 
2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2025-12-05T01:10:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nordstellar.com\\\/blog\\\/ransomware-statistics-2025-q2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research: Ransomware isn\u2019t slowing down in Q3 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 
2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/47b5538f057952e0f25c791e955659e7\",\"name\":\"ericav2\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g\",\"caption\":\"ericav2\"},\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/v2erica\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/","og_locale":"en_US","og_type":"article","og_title":"Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 2","og_description":"2025-12-05 &nbsp; Ransomware attacks surged 47% through Q3 2025, reaching 6,330 cases. 
The US, SMBs, and the manufacturing sector remain the top targets. This rise is fueled by Ransomware-as-a-Service (RaaS) and led by groups like Qilin, emphasizing the need for stronger employee training and data backup.","og_url":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/","og_site_name":"Version 2","article_published_time":"2025-12-05T01:10:01+00:00","og_image":[{"width":250,"height":70,"url":"https:\/\/version-2.com\/wp-content\/uploads\/2020\/04\/blog-v2-logo.jpg","type":"image\/jpeg"}],"author":"ericav2","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ericav2","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#article","isPartOf":{"@id":"https:\/\/version-2.com\/2025\/12\/research-ransomware-isnt-slowing-down-in-q3-2025\/"},"author":{"name":"ericav2","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/47b5538f057952e0f25c791e955659e7"},"headline":"Research: Ransomware isn\u2019t slowing down in Q3 2025","datePublished":"2025-12-05T01:10:01+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2025\/12\/research-ransomware-isnt-slowing-down-in-q3-2025\/"},"wordCount":1602,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#primaryimage"},"thumbnailUrl":"","keywords":["2025","Nordstellar"],"articleSection":["2025","Nordstellar","Press Release"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2025\/12\/research-ransomware-isnt-slowing-down-in-q3-2025\/","url":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/","name":"Research: Ransomware isn\u2019t slowing down in Q3 2025 - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#primaryimage"},"image":{"@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#primaryimage"},"thumbnailUrl":"","datePublished":"2025-12-05T01:10:01+00:00","breadcrumb":{"@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/nordstellar.com\/blog\/ransomware-statistics-2025-q2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/zh\/"},{"@type":"ListItem","position":2,"name":"Research: Ransomware isn\u2019t slowing down in Q3 2025"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 
2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/47b5538f057952e0f25c791e955659e7","name":"ericav2","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/270ad369d68b5b4c46455393234c703648ceb9dd2bb6ad776e37d75bd0c5eb0c?s=96&d=identicon&r=g","caption":"ericav2"},"url":"https:\/\/version-2.com\/en\/author\/v2erica\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-x0F","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/126893","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/149011791"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=126893"}],"version-history":[{"count":0,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/126893\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/"}]
,"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=126893"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=126893"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=126893"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}