Qilin Continues to Lead Ransomware Groups Despite Emerging Threats
August saw Qilin lead ransomware assaults once more, but it’s worth keeping an eye on given the quick ascent of Sinobi and The Gentlemen, as well as the reappearance of LockBit.
Ransomware Attacks by Country, August 2025, Source: Cyble
Although two quickly developing rivals are threatening to upend the threat landscape, Qilin was still the most popular ransomware organization in August.
These are some of the findings from today’s edition of Cyble’s monthly ransomware blog.
Although Qilin’s 104 victims in August were far more than Akira’s 56 (see the chart below), a number of circumstances, including the quick ascent of Sinobi and The Gentlemen and the reappearance of LockBit, might completely alter the ransomware scene in September
Top ransomware groups for August 2025 (Cyble)
Even though August’s ransomware assault total is still far lower than February’s record, the 467 attacks in August represented the fourth consecutive month-over-month increase (see chart below). A concerning pattern of increasing supply chain attacks included a number of attacks with ramifications for the software supply chain.
Even though August’s ransomware assault total is still far lower than February’s record, the 467 attacks in August represented the fourth consecutive month-over-month increase (see chart below). A concerning pattern of increasing supply chain attacks included a number of attacks with ramifications for the software supply chain.
Ransomware attacks by month 2021-2025 (Cyble)
The United States was responsible for around 60% of the ransomware assaults in August, which is about ten times more than Germany and the United Kingdom.
Qilin Takes Over After RansomHub’s Decline
Qilin’s 398 reported victims are almost 70% higher than Akira’s since RansomHub’s demise at the end of March (chart below). The “features and incentives appear to be gaining traction with former RansomHub and other affiliates,” according to Cyble.
Top ransomware groups April-August 2025 (Cyble)
Since April, Qilin has been responsible for over 18% of the 2,164 ransomware assaults that have occurred, with Akira being the only other ransomware organization to surpass 10% at 10.7%.
As the group has jumped to third rank after just two months of existence, Cyble observed that “the rapid rise of Sinobi might be even more impressive.”
To date, Sinobi has reported 41 victims, all but two of whom were in the United States. Sinobi may be linked to Lynx, which has been linked to INC Ransom, because of similarities in code and data leak sites. They might only be related rather than rebranded because all three groups are still operating.
Since August 24, Sinobi has only claimed one new victim, according to Cyble, suggesting that its explosive growth may not be sustainable.
The Gentlemen Appear When LockBit Comes Back
With over 30 victims in September, The Gentlemen has been another extremely active new gang, “so the most active ransomware group list may well change again this month,” Cyble stated.
With its 5.0 release, former ransomware leader LockBit is attempting a second comeback; therefore, September may prove to be yet another crucial month for ransomware organizations.
Cyble came to the conclusion that “one of the biggest threats facing cybersecurity teams and organizations of all sizes is the continued evolution of ransomware groups and variants.” “Security teams need to be as vigilant as possible due to the financial, data, infrastructure, and operational harm that these attacks cause.”
Vigilance sounds like sensible advice for security teams in general, especially in light of several notable recent hacks that have brought enterprises to a stop for weeks or longer.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
Read More:
Chinese Organization Offers Thousands of False Licenses and Passports: Global Identity Theft
About Author
English