Ransomware Moves: Supply Chain Hits, Credential Harvesting

Innovation Continues, Although Sloppy Coding Can Still Leave Data Unrecoverable Mathew J. Schwartz (euroinfosec) • November 28, 2025

Ransomware groups continue to display more innovation, persistence and planning in their quest to amass fresh ransom-paying victims and maximize profits. This has included repeat supply chain attacks, harvesting credentials to use in later campaigns, as well as launching new affiliate programs.

See Also: Top 10 Technical Predictions for 2025

Attack volume remains high. The quantity of victims listed across ransomware groups' data leak sites increased by one-third from September to October, says a report from cybersecurity firm Cyble. Groups listing the most victims included high-fliers Qilin and Akira, newcomer Sinobi - which only appeared in July - and stalwarts INC Ransom and Play.

Blockchain intelligence firm Chainalysis tracked $1.25 billion in ransom payments in 2023, dropping to $814 million in 2024.

Innovation remains rife as groups seem set on reversing ...