GBHackers: 7,831 ransomware victims

Ransomware is still growing — just not in the simple old way where you measure the problem by ransom payments alone. The new wrinkle is scale. A GBHackers write-up this week pointed to BlackFog’s 2025 ransomware report, which counted 7,831 victims worldwide in 2025 and said attacks were up 49% from the year before. That matters because the attack pipeline is getting faster, more automated, and harder to spot early, even while some payment data looks flatter than the victim counts. (gbhackers.com) ### Where does the 7,831 number come from? That figure comes from BlackFog’s 2025 State of Ransomware report, which tracks both publicly disclosed and non-disclosed attacks. BlackFog says the 7,831 total reflects ransomware activity across 2025 and pairs it with a 49% year-over-year increase. The same release makes a second point that’s easy to miss — 86% of incidents go undisclosed, (gbhackers.com)al volume. (blackfog.com) ### So is this really about AI? Yes, but not mostly in the movie-villain sense of fully autonomous ransomware. The more immediate change is that AI helps criminals do the boring, high-volume parts better — phishing copy, impersonation, reconnaissance summaries, payload customization, and even negotiation workflows. GBHackers has separately covered examples like Cl(blackfog.com)egotiation, and PromptLock, which ESET described as the first known ransomware strain using a local large language model to generate parts of its malicious logic on the victim machine. (gbhackers.com) ### Why does that change the threat? Because AI lowers the labor cost of being a criminal. A smaller crew can now produce more convincing lures, adapt messages to different targets, and move faster from intrusion to extortion. That does not magically break encryption or invent new zero-days. But it does make the whole operation more like a factory line (gbhackers.com)y the kind of change that can drive victim counts up even if each individual attack is not technically revolutionary. (gbhackers.com) ### But aren’t ransom payments falling? In some datasets, yes. Chainalysis said total on-chain ransomware payments fell about 8% to $820 million in 2025, even as claimed attacks rose 50%. Earlier reporting from Chainalysis also showed a 35.82% drop in 2024 payments. Basically, more organizations are getting hit or claimed as victims, but fewer are paying, or they are paying less often(gbhackers.com)ing” and “the attacks are increasing” can both be true at once. (chainalysis.com) ### What should engineers take from this? The lesson is not “fear AI.” It is “assume the attacker’s cheap work just got cheaper.” For cloud and backend teams, that pushes a few basics to the top of the list — least-privilege access, tighter secrets handling, immutable backups, tested restore paths, and segmentation that keeps one compromised identity from turning into a (chainalysis.com)o automate, recovery discipline matters more than ever. That is the part many teams still underinvest in. (blackfog.com) ### Which sectors are feeling it first? Healthcare keeps showing up near the top. BlackFog’s 2025 report said healthcare was the most targeted sector at the end of 2025, and other industry tracking has shown supply-chain-heavy and operationally sensitive sectors staying exposed as well. The reason is simple — if downtime is intolerable, extortion pressure works better. Attackers do not need every victim to pay. They need enough desperate ones. (blackfog.com) ### What is the real bottom line? The headline number — 7,831 victims — is less about one giant breakthrough than about compounding efficiency. Ransomware crews are borrowing AI anywhere it saves time or increases pressure, and that is enough to make a bad problem bigger. So the practical response is boring but real: reduce blast radius, protect credentials, rehearse recovery, and assume the next attack will be faster than the last one.