Frontline Insights - Ransomware Q2 2025 Report

Cyber Threat Intelligence
Written By Shane Bell
 

Frontline Insights - Ransomware Q2 2025 Report Excerpt:

In Q2 2025, ransomware activity presented a mixed landscape, with a noticeable shift following the disruptions seen in earlier months. The period saw a decline in overall attacks compared to the aggressive surge of Q1, with 1,437 observed ransom events in Q2 2025 compared to over 2,100 ransom events in Q1 2025, largely influenced by the operational setbacks of major groups like RansomHub. However, the threat remained dynamic, with new and existing groups adapting to fill the void, indicating a resilient underground ecosystem. The focus shifted towards more targeted, high-impact assaults, exploiting vulnerabilities in critical sectors such as retail and food supply chains. 

This document will cover:

  • Overview

  • RansomHub: A Dominant yet Disrupted 2025

  • Ransomware Operations Q2-2025

  • Targeted Sectors

  • Closing Remark

Authors:

  • Evan Vougdis - Cyber Director of NSB Cyber

  • Dimitri Dubuc - Cyber Analyst of NSB Cyber

 
 
 
Shane Bell
Next

Frontline Insights - Ransomware Q1 2025 Report