August 2025 Threat Trend Report on Ransomware
This report provides the statistics and major ransomware-related issues in Korea and worldwide, as well as the number of affected systems and ransomware cases based on Dedicated Leak Sites (DLS) over the course of August 2025. Below is a summary of the report.
Disclaimer: The number of ransomware samples and damaged systems is based on the detection names assigned by AhnLab, and statistics on targeted companies are based on the information published on the dedicated leak sites (DLS) of the ransomware group, also referred to as ransomware PR sites or PR pages, collected by the ATIP infrastructure over time.
[Summary of Statistics]
The following are the four statistics provided by AhnLab SEcurity intelligence Center (ASEC). The ASEC blog only provides the trend statistics of “Ransomware DLS and Detections Statistics (Past 3 Years)”, and the other statistics can be found in the reports attached to AhnLab TIP.
- Statistics of Ransomware Group by Country (August 2025)
- Industries of companies affected by ransomware groups (as of Aug. 2025)
- Top 10 Ransomware Group Trends in the Last 3 Years
- Ransomware DLS and Detection Statistics (Last 3 years)
Key Issue Summary
In August 2025, the ransomware ecosystem saw the prominent global expansion of the Qilin group and the continuous emergence of new groups. The most notable trends were the spread of attacks in the Asia-Pacific region and the deepening of attacks against important infrastructures.
The AhnLab TIP report covers the following topics: the major ransomware groups and their trends, and the industries and regions affected by ransomware.
- Trends of Major Ransomware Groups (Qilin, WARLOCK, INC RANSOM, etc.)
- Damage by Industry
- Regional Damage Trends
- New Threat Trends
