In November 2025, AhnLab’s report summarizes confirmed counts of affected systems, DLS-based ransomware statistics, and notable incidents in Korea and abroad, with data collected via AhnLab TIP and ATIP. The report highlights active campaigns from established and emerging ransomware groups and provides trends by country, industry, and DLS/detection statistics. #Clop #Akira
Keypoints
- Report provides four core statistics: Top 10 countries by ransomware group, industries affected, three-year trend of top 10 ransomware groups, and ransomware DLS and detection statistics for the last three years.
- Statistics on samples and affected systems are based on AhnLab diagnostic names; affected-company counts derive from public information on ransomware Dedicated Leak Sites (DLS) collected by ATIP.
- November 2025 saw global ransomware activity affecting multiple industries, with critical infrastructure sectors—manufacturing, healthcare, and finance—particularly notable targets.
- Both long-standing ransomware groups and newly emerged groups remained active during the period, with specific mention of groups such as Clop, Akira, and Qilin.
- AhnLab ASEC and TIP provide trend summaries and detailed reports respectively: ASEC publishes three-year detection trends while the TIP report contains the full set of statistics and analyses.
- Report sections include trends of major ransomware groups, damage trends by industry, regional damage trends, and newly observed threat patterns from DLS monitoring.
MITRE Techniques
- No MITRE ATT&CK techniques were explicitly mentioned in the article.
Indicators of Compromise
- No indicators of compromise (IP addresses, file hashes, domains, or file names) were provided in the article.
Read more: https://asec.ahnlab.com/en/91599/