Ransomware and Cyber Extortion in Q3 2025

Q3 2025 ransomware intelligence: Scattered Spider teases an English‑led RaaS (ShinySp1d3r), LockBit returns with LockBit 5.0 authorizing attacks on critical infrastructure, major RaaS groups form alliances (LockBit, DragonForce, Qilin), active data‑leak sites hit a record 81, and emerging groups drive sector and country spikes (notably healthcare and Thailand); the report concludes with mitigation recommendations (network segmentation, patching, stricter access controls, and EDR playbooks).