GuidePoint Security, a cybersecurity advisor and services partner, recently unveiled their GuidePoint Research and Intelligence Team’s (GRIT) annual 2026 Ransomware & Cyber Threat Report.
“The GRIT 2026 Ransomware & Cyber Threat Report shows the most active year for ransomware we’ve ever recorded, revealing a 58 percent year-over-year increase in ransomware victims,” said Jason Baker, Lead Threat Analyst at GuidePoint Security.
“While law enforcement disruptions have reshaped the Ransomware-as-a-Service (RaaS) ecosystem, group fragmentation is driving new patterns of high-volume, repeatable operations. The rise of Qilin as the most active group we’ve ever tracked — surpassing even LockBit — underscores how the ecosystem is evolving.”
Findings from this year’s report include:
- Ransomware victim numbers hit a new all-time high, with the most recorded in a single quarter since the report’s inception.
- The number of threat groups has reached record levels with 124 distinct ransomware groups active in 2025, the highest ever recorded and a 46 percent year-over-year increase.
- A new RaaS leader has emerged. Qilin’s activity levels in 2025 were the highest of any group ever observed.
- The Manufacturing industry was the most heavily impacted by ransomware, accounting for 14 percent of attacks.
- High ransomware activity levels should continue in 2026. December 2025 was the most active month for claimed ransomware victims on record with a 42 percent year-over-year increase.
The report also explores the growing use of AI in ransomware attacks, the impact of zero-day vulnerabilities on ransomware, and takes an in-depth look at major ransomware operators throughout the year, including payments made to the Qilin and Akira groups.
