GuidePoint Security recently unveiled its quarterly Ransomware & Cyber Threat Report. Delving into the evolving Ransomware as a Service (RaaS) ecosystem, it found a 57 percent year-over-year increase in the number of active ransomware groups.
According to Nick Hyatt, Senior Threat Intelligence Analyst at GuidePoint Security, "while overall activity has stabilized, the number of distinct ransomware groups has surged to a record 77 — highlighting both the consolidation of skilled operators within major RaaS platforms and the ongoing churn of emerging or lower-skill actors entering the ecosystem.”
The Q3 2025 Ransomware & Cyber Threat Report also explores new state rules surrounding ransomware payments, examines threat actors SafePay and Rhysida and analyzes the impact of law enforcement actions targeting cybercriminal forums. Perhaps most notably, manufacturing attacks rose 26 percent quarter-over-quarter.
“The growing diversity of ransomware groups is creating new challenges for defenders,” Hyatt added. “While established actors like Qilin and Akira are streamlining their operations, newer groups such as SafePay demonstrate how even small, insular actors can thrive by staying under the radar. This ‘new normal’ isn’t a reason for complacency — it underscores the need for sustained vigilance in an increasingly fragmented threat landscape.”
For more information, the Q3 2025 Ransomware & Cyber Threat Report is available for download.
