April 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples collected, the number of affected systems, and affected companies in April 2025, as well as key ransomware issues in and out of Korea. Below is a summary of the report.
Disclaimer: The number of ransomware samples and damaged systems is based on the detection names assigned by AhnLab, and statistics on targeted companies are based on the information published on the dedicated leak sites (DLS) of the ransomware group, also referred to as ransomware PR sites or PR pages, collected by the ATIP infrastructure over time.
[Summary of Statistics]
The following is the total number of ransomware samples collected in the last 6 months.
The number of new samples collected in April showed a relatively increase compared to March. The types of malware that make up the number of new samples in April will be covered in Section 3: New samples by ransomware.
[Companies Affected by Ransomware Group]
* The blurred information in the figure below shows the ransomware group’s details and the information of the affected companies posted on the DLS. For more information, please refer to the report uploaded on ATIP.
The following are the statistics of affected companies posted on the DLS by ransomware groups collected by ATIP. There are also ransomware groups whose data was collected late or not collected, so please also refer to the “Statistics of Affected Companies by Ransomware Group (External)” section below.
Below is a list of some of the affected companies that have been made public by each ransomware group.
