July 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples and affected systems, and affected companies that were collected over the course of July 2025, as well as major ransomware issues in and out of Korea. Below is a summary of the information.
Disclaimer: The number of ransomware samples and damaged systems is based on the detection names assigned by AhnLab, and statistics on targeted companies are based on the information published on the dedicated leak sites (DLS) of the ransomware group, also referred to as ransomware PR sites or PR pages, collected by the ATIP infrastructure over time.
[Summary of Statistics]
The following are the four statistics provided by AhnLab SEcurity intelligence Center (ASEC). The ASEC blog only provides the trend statistics of “Ransomware DLS and Detections Statistics (Past 3 Years)”, and the other statistics can be found in the reports attached to AhnLab TIP.
- Statistics of Ransomware Group by Country (Jul. 2025)
- Industries of companies affected by ransomware groups (as of July 2025)
- Top 10 Ransomware Group Trends in the Last 3 Years
- Ransomware DLS and Detection Statistics (Last 3 years)
Key Issue Summary
In July 2025, the ransomware ecosystem saw a major attack on the largest financial institution in Korea and the continuous emergence of new groups. New ransomware groups also became active, including BEAST, Payouts King, D4rk4rmy, and Sinobi. Meanwhile, existing groups continued their operations through rebranding.
The AhnLab TIP report covers the following topics: the major ransomware groups and their trends, and the industries and regions affected by ransomware.
- Trends of Major Ransomware Groups (Gunra, Qilin, Lynx, SAFEPAY, etc.)
- By Industry
- Regional Damage Trends
- New Threat Trends
※ For more information, please refer to the attachment.
