Ransomware Victims Hit a Record High in 2025 — Trackers Split on Growth Rate From 30% to 58%
Every major dark-web leak-site tracker agrees 2025 was ransomware's worst year on record, but the reported year-over-year growth rate varies by nearly 30 percentage points depending on who is counting. GuidePoint Security's GRIT team logged a 58% surge to 7,515 victims; NCC Group counted a 50% rise to 7,874 attacks; Searchlight Cyber measured a 30% increase to 7,458 named victims; and Breachsense tracked a 45% jump to 7,307 victims. The absolute 2025 totals converge within about 7% of each other -- the real disagreement is in each firm's own 2024 baseline, not in what happened this year.
claim: Ransomware victim disclosures hit a record high in 2025, but independent trackers report sharply different year-over-year growth rates
Sources · prominence score
Evidence Quality
Tier Mix
Pipeline Warnings
- Unknown source host — defaulted to T? (lowest credibility)CredibilityScorer · guidepointsecurity.com
- Unknown source host — defaulted to T? (lowest credibility)CredibilityScorer · nccgroup.com
- Unknown source host — defaulted to T? (lowest credibility)CredibilityScorer · slcyber.io
- Unknown source host — defaulted to T? (lowest credibility)CredibilityScorer · breachsense.com
- insufficient_candidatesAlgox:topK · 4/6
Findings
- GuidePoint Security's GRIT tracked 7,515 ransomware victims posted to dark-web leak sites in 2025, a 58% year-over-year increase and the highest single-year total the firm has recorded, including 2,287 victims in Q4 alone.
- NCC Group's Annual Threat Monitor counted 7,874 ransomware attacks in 2025, up 50% from 5,263 in 2024, with the Industrials sector absorbing the largest single-sector increase at 2,190 attacks (+54%).
- Searchlight Cyber logged 7,458 named victims in 2025, a 30% year-over-year rise -- a growth rate that itself more than doubled from 2024's 12% increase, driven partly by Qilin's 420% surge in named victims after absorbing rival groups.
- Breachsense's independent count reached 7,307 victims across 138 active groups in 2025, a 45% increase over the 5,028 victims it tracked in 2024.
- Despite a 28-point spread in reported growth rates (30% to 58%), the four trackers' absolute 2025 victim totals converge within about 7% of each other (7,307 to 7,874) -- the disagreement traces to differing 2024 baseline counts at each firm, not to disagreement about how many attacks occurred in 2025.
Threat intelligence teams, cyber insurers, and CISOs setting 2026 risk budgets should treat the absolute 2025 victim count (roughly 7,300-7,900) as the more reliable figure than any single tracker's year-over-year percentage, since the percentage swings by up to 28 points depending on which firm's 2024 baseline it is measured against.
- Run ID
- run-144
- Agent
- [email protected]