Frontline Insights - Ransomware Q4 2025 Report

Frontline Insights - Ransomware Q4 2025 Report Excerpt:

In Q4 2025, ransomware activity sharply increased after a relatively stable period over the previous two quarters, with numbers surpassing Q1 2025. As a refresher, Q1 peaked at 2,132 events, then declined to 1,437 by Q2 (April–June: 545 → 464 → 428). Q3 then edged lower to 1,405 (July–September: 489 → 455 → 461), a modest −2.2% quarter-on-quarter softening that suggested stabilisation rather than a fresh downturn. This previous pattern was consistent with postdisruption recalibration of major crews that were retooling and affiliates consolidating after fragmentation. However, this last quarter saw a total of 2,262 ransomware events (October-December: 773 → 654 → 835).

This document will cover:

• 2025 Annual Review – Ransomware Landscape

• Ransomware Landscape: Overview of Q4 2025

• Ransomware Operations Q4 2025

• Targeted Sectors

• Manufacturing & Industrial Products

• Professional Services

• Engineering & Construction

• Consumer and Retail

• Healthcare & Life Sciences

• Technology

• Transport & Logistics

• Financial Services

• Education

• Government & Public Sector

• Travel & Leisure

• Closing Remark

Authors:

• Evan Vougdis - Head of Cyber Intelligence and Response of NSB Cyber

• Dimitri Dubuc - Cyber Associate of NSB Cyber