Check Point Research’s Q2 2025 Ransomware Report shows how attackers are mixing AI with classic extortion tactics. Based on leak site data and threat intel, it breaks down how ransomware is changing – and what defenders need to do about it.
Highlights from this quarter’s findings:
- AI-Powered Negotiation Tactics: Threat actors are now using AI to automate communications and sharpen social engineering. -Data-Only Extortion: Encryption takes a back seat as exfiltration becomes the weapon of choice - Ecosystem Disruption: Major ransomware-as-a-service (RaaS) players like LockBit and RansomHub go dark, shaking up the power structure. - New Pressure Tactics: Our Supply Chain Intelligence module continuously monitors your vendors and suppliers for relevant cyber risks and incidents.
Download Now
By the Numbers: Q2 2025 Snapshot
1,607 Organizations publicly listed on ransomware leak sites in Q2 2025
9.8% Ransomware attacks that targeted the manufacturing sector
#1 Qilin ranked as the most active group, doubling its attack volume.
.svg "Untitled design (1)")
