The Inc_Ransom group dominated ransomware activity in October 2025, and the newly active Qilin group carried out notable attacks, including a high-profile campaign against Japan’s largest beer companies. The report analyzes ransomware statistics drawn from Dedicated Leak Sites (DLS), detection trends, and industry/region impacts collected by AhnLab TIP and ATIP.
Key points
- Inc_Ransom was the most dominant ransomware group in October 2025 based on DLS mentions and affected systems.
- The Qilin group emerged with a major campaign targeting Japan’s largest beer companies, marking a significant new threat activity.
- Statistics use AhnLab detection names for ransomware samples and ATIP-collected DLS leak site data to count affected companies.
- Report sections include top affected countries, industries by ransomware group, three-year trends of top groups, and three-year detection/DLS statistics.
- ASEC Blog provides trend statistics for the last three years on ransomware DLS and detections, while detailed stats are in AhnLab TIP attachments.
- October’s landscape showed both established groups (e.g., RansomHouse, Black Shrantac) and newly appearing threats influencing overall damage trends.
- The report breaks down damage trends by industry and region to highlight where ransomware impacts were concentrated.
MITRE Techniques
- [T1490] Inhibit System Recovery – Used by ransomware groups to prevent victims from restoring systems, implied by the report’s focus on ransomware damage and affected systems (“statistics on the number of affected systems”).
- [T1486] Data Encrypted for Impact – Core ransomware behavior discussed throughout the report as it summarizes affected systems and companies listed on DLS (“number of ransomware samples and affected systems”).
- [T1190] Exploit Public-Facing Application – Implied by targeted campaigns such as Qilin’s attacks on large corporations, suggesting exploitation of internet-facing services (“Qilin group launched a series of attacks on Japan’s largest beer companies”).
- [T1489] Impact – Denial of Service or destruction activities inferred from major ransomware issues and industry damage trends described in the report (“major ransomware issues in and out of Korea in October 2025”).
Indicators of Compromise
- [Affected Systems] Count of affected systems – aggregated detection statistics using AhnLab detection names (example counts not provided in summary; report contains numeric details).
- [DLS Entries] Affected companies by ransomware group – listings collected from Dedicated Leak Sites (examples: Inc_Ransom-affiliated leak entries, Qilin-targeted corporate disclosure; and other group entries).
- [Detection Names] Ransomware sample identifiers – detection names set by AhnLab used to track samples (examples: AhnLab detection name format entries; and 2 more sample identifiers in attached report).
Read more: https://asec.ahnlab.com/en/91178/