May 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples collected, the number of affected systems, and affected companies in May 2025, as well as key ransomware issues in Korea and abroad. The following is a summary of the report.
Disclaimer: The number of ransomware samples and damaged systems is based on the detection names assigned by AhnLab, and statistics on targeted companies are based on the information published on the dedicated leak sites (DLS) of the ransomware group, also referred to as ransomware PR sites or PR pages, collected by the ATIP infrastructure over time.
[Summary of Statistics]
The following shows the total number of ransomware samples collected in the past 6 months.
In May, the number of new samples collected showed a relatively decreasing trend compared to that of April. The types of malware that make up the number of new samples in May will be covered in section 3.
[Companies Affected by Ransomware Group]
* The blurred information in the image below shows the ransomware group that launched the attack and the affected company’s information. Details can be found in the report uploaded to ATIP.
The following are the statistics of affected companies posted by DLS of the ransomware groups collected by ATIP. There are also ransomware groups whose data has been collected late or not collected at all, so please refer to the “Affected Companies by Ransomware Group (External Statistics)” below.
Below are some of the lists of affected companies that have been published by each ransomware group.
※ For more information, please refer to the attachment.
