SpiderLabs Ransomware Tracker Update October 2025: Qlin Doubles Down on Attacks
The worldwide ransomware landscape saw a dramatic shift in attacks in October 2025, jumping 41% month over month, with the most prolific attacker, Qlin, more than doubling the number of attacks it launched, according to Trustwave, A LevelBlue Company, research.
The US remained the primary recipient of ransomware attacks, but October saw manufacturing overtake technology as the most targeted vertical sector.
The ransomware information was derived from a new SpiderLabs ransomware-tracking tool that gathers information from a variety of open intelligence sources and our own proprietary research.
This unique combination of open-source and in-house research provides new insights into ransomware attack trends, the threat groups involved, and their primary targets. The data is not all-inclusive but contains enough information to draw basic conclusions on the direction attacks are taking.
October Attack Figures
In October 2025, SpiderLabs recorded 722 ransomware attacks worldwide, up from 492 in September 2025 and 635 in October 2024.
As noted, the US was the nation most under attack with 298 incidents noted, followed by Canada and France with 45 and 25 attacks, respectively.
Top 5 Threat Groups
Qlin again dominated the stage, but there were some changes in the top five list. Sinobi appeared in third place, pushing Incransom down to fourth and Play to fifth.
A quick breakdown of the new threat actor on the list:
- According to Ransomware.live, Sinobi became active in July 2025 and has so far specialized in attacking healthcare, manufacturing, and construction firms.
Top Threat Groups for October 2025
| Threat Groups Oct. 2025 | Number of Attacks | Threat Groups Sept. 2025 | Number of Attacks |
|---|---|---|---|
| Qilin | 191 or 26.5% | Qlin | 61 or 15.2% |
| Akira | 71 or 9.8% | Akira | 42 or 10.4% |
| Sinobi | 62 or 8.6% | Sinobi | 36 or 8.9% |
| Incransom | 30 or 4.3% | Incransom | 31 or 7.7% |
| Play | 22 or 3.1% | Play | 29 or 7.2% |
Top Vertical Sectors Targeted for October 2025
| Sector Oct. 2025 | Number of Attacks as a % | Sector Sept. 2025 | Number of Attacks as a % |
|---|---|---|---|
| Manufacturing | 101 or 14% | Business Services | 150 or 23.6% |
| Technology | 76 or 10.5% | Manufacturing | 84 or 13.2% |
| Healthcare | 59 or 8.2% | Technology | 79 or 12.4% |
| Business Services | 33 or 4.6% | Healthcare | 63 or 10% |
| Construction | 29 or 4% | Government | 38 or 6% |
SpiderLabs’ research noted a major shift in targeting when data is examined year over year. In October of 2024, business services were the most often targeted vertical sector, followed by manufacturing and technology.
2025 Ransomware Attacks to Date
| Threat Group | Number of Attacks | Target Sector | Number of Attacks |
|---|---|---|---|
| Qilin | 724 or 11.6% | Manufacturing | 726 or 11.7% |
| Akira | 577 or 9.2% | Technology | 735 or 11.7% |
| Sinobi | 419 or 6.7% | Healthcare | 420 or 6.8% |
| Incransom | 332 or 5.3% | Business Services | 334 or 5.3% |
| Play | 283 or 4.5% | Financial Services | 311 or 5% |
Total attacks tracked to date for 2025 are 6,251, up dramatically from the 4,660 SpiderLabs saw in 2024. One data point from the target sector list to call out for October is manufacturing supplanted technology as the threat actor’s favorite victim sector.
Defending Against Ransomware
Trustwave, A LevelBlue Company, offers a number of services and solutions to help organizations defend themselves against ransomware and recover if successfully attacked.
Trustwave’s Ransomware Preparedness service, unlike many offerings in the market today, doesn’t focus on singular aspects of a client’s security defense but looks at all critical lines of defense, using detailed insights and aggregated information to provide client security and business leaders.
The service provides detailed assessments of the organization’s overall preparedness, an understanding of its existing capabilities to identify, respond to, and recover from a ransomware incident, and identification of the gaps, opportunities, and inherent risks it faces.
In addition, Trustwave can help with the basic mitigations all organizations should implement including:
- Enhance cybersecurity hygiene and patch management
- Implement robust backup and recovery plans
- Employee training and awareness
- Multi-Factor Authentication (MFA) and strong credential management
- Incident response planning
目录
最新
- From Compliance to Covert Ops: Demystifying the Offensive Security Landscape
- Black Friday 2025: Aligning Cyber Resilience and Business Goals to Protect Your Retail Business
- Crowdsourced Penetration Testing: Understanding the Risks for Better Decision-Making
- Art and Science: Cyber and Physical Security Convergence Deficiencies in the Louvre Heist
- LevelBlue Futures Report: Retail Leaders Reveal Security Concerns
- SharpParty: Process Injection in C#
- Dissecting and Understanding APT Threat Group Activity
- SpiderLabs Ransomware Tracker Update October 2025: Qlin Doubles Down on Attacks