November 2025 Threat Trend Report on Ransomware

This report provides the number of affected systems confirmed during November 2025, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information.

 

The statistics on the number of ransomware samples and affected systems are based on the diagnostic names assigned by AhnLab. Please note that the statistics on affected companies are based on the information publicly available on the DLS (Dedicated Leak Sites) of the ransomware groups and were collected by the ATIP infrastructure.

 

Summary of Statistics

The following are the four statistics provided in the report. The AhnLab SEcurity intelligence Center (ASEC) blog only provides the trend statistics of “Ransomware Detections and Statistics (Past 3 Years)” and the other statistics are available in the report attached to AhnLab TIP.

 

• Top 10 Countries by Ransomware Group (Nov. 2025)
• Industries of companies affected by ransomware groups (Nov. 2025)
• Trend of Top 10 Ransomware Groups in the Last 3 Years
• Ransomware DLS and Detection Statistics (Last 3 Years)

 

 

Key Issue Summary

In November 2025, ransomware groups launched attacks against various industries worldwide. Attacks targeting critical infrastructure such as manufacturing, healthcare, and finance were particularly notable. The activities of existing groups also continued to be active with the emergence of new ransomware groups.

The AhnLab TIP report covers the following topics: the main ransomware groups and their trends, and the industries and regions affected by ransomware.

 

• Trends of Major Ransomware Groups (Clop, Akira, Qilin, etc.)
• Damage Trend by Industry
• Regional Damage Trends
• New Threat Trends