Ransomware remains one of the biggest concerns for cyber security teams today as it continues to pose a major threat to organisations worldwide. Over the last five to ten years, ransomware attacks have become more sophisticated and more frequent, but in 2025, cybercriminals elevated them to the next level. AI-powered cyber-attacks and new white-label Ransomware-as-a-Service (RaaS) platforms now enable lesser-skilled threat actors to brand their operations and to move faster than ever.

Quorum Cyber’s Threat Intelligence team has tracked the adversaries behind the threats, including the financially motivated threat actors, the nation-state aligned groups from the Big Four of China, Russia, Iran, and North Korea, and the hacktivists. The team has shared its findings, in the new Global Cyber Risk Outlook: Emerging Threat Intelligence Insights report, which uncovers how ransomware trends vary across different sectors, and outlines what organisations can do to protect their data, their customers, and their reputations from harm.

Research from the company’s Threat Intelligence, Incident Response, and Counter Extortion teams gives a comprehensive analysis of the global cyber security landscape. It reveals how AI-enabled tools and RaaS are accelerating attacks and elevating the threat level for organisations in every sector. It also looks ahead to what is expected from hacktivist and nation-state aligned adversaries over the coming year.

Growing number of ransomware groups and rising ransom fees

The Threat Intelligence team’s findings are based on incidents and investigations observed across more than 350 organisations globally, spanning businesses with between 10 and 10,000 employees.

Over that period, the number of newly formed ransomware groups rose by 30% in the year to October 2025, while global vulnerability disclosures increased by 21% to surpass 35,000 for the first time. This increase was driven by new, white-label RaaS platforms which enable cybercriminal groups to create their own brand identities, and access the infrastructure required to extort organisations.

The ransom fees demanded of victim organisations also rose in 2025, but the actual values increased varied widely depending on the sector. Analysing its own information and data from Falcon Feeds, Quorum Cyber’s Threat Intelligence team calculated that the financial services and manufacturing industries were the worst hit, with demands surging by 179% and 97% respectively. The report discloses figures for seven other sectors from housing and construction, legal and professional services, and energy through to healthcare and pharmaceuticals, retail, higher education, and the public sector.

Access the full report and sign up for the webinar

The 2026 Global Cyber Risk Outlook, which is now available to download, analyses ransomware trends, the sources of ransomware attacks, and explains how organisations in the private, public, and not-for-profit sectors can best to defend against them.

Quorum Cyber’s Senior Threat Intelligence Consultant Jack Alexander and Head of Advisory John Dellinger, together with Microsoft’s Chief Security Advisor Lesley Kipling, will discuss ransomware trends in a webinar at 11am ET / 4pm GMT on Wednesday 25th February 2026. Registrations for the webinar are now open.