Ransomware activity in August 2025 showed global expansion by the Qilin group, continued emergence of new groups, and increased targeting of critical infrastructure and the Asia-Pacific region. The AhnLab TIP report provides statistics on affected industries, regional trends, top ransomware groups, and DLS/detection trends over the past three years. #Qilin #AhnLab
Keypoints
- Qilin expanded its global operations in August 2025, marking a prominent growth in activity.
- New ransomware groups continued to appear, contributing to a more fragmented threat landscape.
- Attacks increasingly targeted the Asia-Pacific region, showing a regional concentration of incidents.
- Critical infrastructure suffered deeper and more frequent attacks during the reporting period.
- AhnLab TIP compiled statistics including ransomware groups by country, industries affected, top 10 group trends, and DLS/detection statistics over the past three years.
- Ransomware incident counts and affected system numbers are based on AhnLab detection names and DLS listings collected via ATIP infrastructure.
- The report emphasizes monitoring major groups (e.g., Qilin, WARLOCK, INC RANSOM) and tracking new threat trends across industries and regions.
MITRE Techniques
- [Tactic not explicitly named] Ransomware distribution/impact β The article references ransomware spread and damage generally: βthe ransomware ecosystem saw the prominent global expansion of the Qilin group and the continuous emergence of new groups.β (No specific MITRE technique IDs were provided in the report.)
Indicators of Compromise
- [Report-level metadata] Context on data sources β Statistics and sample counts are based on AhnLab detection names and DLS listings collected by ATIP (no specific IPs, hashes, domains, or file names were provided in the summary).
Read more: https://asec.ahnlab.com/en/90159/