September 2025 Threat Trend Report on Ransomware

This report provides information on the number of systems affected during the month of September 2025, statistics related to the DLS-based ransomware, and key ransomware issues from around the world. Below is a summary of the report.

 

The statistics on the number of ransomware samples and affected systems are based on the diagnosis criteria given by AhnLab. The statistics on the number of affected companies are based on the information provided on the Dedicated Leak Sites (DLS) of the ransomware groups and the time when the information was collected by the ATIP infrastructure.

 

Summary of Statistics

The following are the four statistics that are available. The AhnLab SEcurity intelligence Center (ASEC) blog only provides the trend statistics for “Ransomware Detections and Statistics (Past 3 Years)”, while the other statistics can be viewed in the reports attached to AhnLab TIP.

 

• Statistics on Top 10 affected countries by ransomware groups (Sep. 2025)
• Statistics on industries of affected companies by ransomware groups (Sep. 2025)
• Top 10 ransomware groups in the last 3 years
• Ransomware detections and statistics in the last 3 years

 

 

[Summary of Key Issue]

In September 2025, the ransomware ecosystem saw an overwhelming month of activity from the Qilin group and the emergence of new groups. In particular, the Qilin group’s concentrated attacks against asset management companies in Korea were the most notable events.

The AhnLab TIP report covers the following topics: the latest trends of key ransomware groups and ransomware damage by industry and region.

 

• Trend of major ransomware groups (Qilin, Kill Security, INC RANSOM, etc.)
• Affected areas by industry
• Affected areas by region
• New Threat Trends