Ransomware Groups Multiply Despite Stabilized Attack Activity
The ransomware ecosystem continues to evolve with a record number of active groups operating worldwide, according to reports from cybersecurity researchers. GuidePoint Security’s recently released Q3 2025 Ransomware & Cyber Threat Report indicates that while the total number of known attacks has stabilized, the threat actor landscape has become increasingly fragmented.
Unprecedented Growth in Ransomware Operations
Analysts suggest the number of distinct ransomware groups has surged to 77 active entities, representing a 57 percent year-over-year increase. This growth occurs despite what the report describes as stabilized overall ransomware activity across global networks and systems.
Nick Hyatt, Senior Threat Intelligence Analyst at GuidePoint Security, explained that “while overall activity has stabilized, the number of distinct ransomware groups has surged to a record 77 — highlighting both the consolidation of skilled operators within major Ransomware as a Service (RaaS) platforms and the ongoing churn of emerging or lower-skill actors entering the ecosystem.”
Manufacturing Sector Experiences Significant Impact
The analysis reveals particularly concerning trends for the manufacturing industry, which reportedly experienced a 26 percent quarter-over-quarter increase in ransomware incidents. This sector appears to be increasingly targeted by diverse threat actor groups employing varied tactics and techniques.
According to the report, this diversification creates substantial challenges for organizational defense strategies. “The growing diversity of ransomware groups is creating new challenges for defenders,” Hyatt added in the findings. “While established actors like Qilin and Akira are streamlining their operations, newer groups such as SafePay demonstrate how even small, insular actors can thrive by staying under the radar.”
Law Enforcement Actions and Regulatory Developments
The comprehensive Q3 2025 Ransomware & Cyber Threat Report also examines several additional critical developments in the cybercrime landscape:
- New State Regulations: Sources indicate emerging state rules surrounding ransomware payments are creating additional compliance considerations for victim organizations
- Threat Actor Analysis: The report provides detailed examination of threat actors SafePay and Rhysida, highlighting their operational methodologies
- Law Enforcement Impact: According to the analysis, enforcement actions targeting cybercriminal forums continue to influence threat actor behavior and platform availability
Adapting to the “New Normal” in Cybersecurity
The research suggests that the current ransomware environment represents a “new normal” that requires sustained organizational vigilance. As intelligence analysis becomes increasingly crucial for defense planning, security teams must adapt to this fragmented threat landscape where both established and emerging groups pose significant risks.
Hyatt emphasized that “this ‘new normal’ isn’t a reason for complacency — it underscores the need for sustained vigilance in an increasingly fragmented threat landscape.” The complete findings are available through GuidePoint Security’s research portal for organizations seeking to strengthen their defensive postures.
This report comes alongside other significant technology developments including advancements in AI-powered tariff management, potential financial services expansion from major content creators, emerging streaming platform partnerships, processor developments in consumer devices, and strategic business alliances across the technology sector.
This article aggregates information from publicly available sources. All trademarks and copyrights belong to their respective owners.
