Threat Spotlight Ransomware and Cyber Extortion in Q4 2025

Q4 2025 ransomware landscape: established operators (Qilin, Akira) remained dominant while Sinobi surged (306% increase) and Clop executed a vulnerability-led campaign exploiting CVE-2025-61882 against Oracle EBS that resulted in 116 listed victims; data-leak site postings rose ~50% QoQ, LockBit 5.0 saw a late-quarter spike, and critical sectors (PSTS, manufacturing, health care, retail) and large markets (notably the US) were heavily impacted—the report recommends hardening remote access, prioritizing patching/segmentation, and improving exfiltration monitoring and rapid containment.