By rssfeeds-admin 
This shift represents a broader fragmentation of the ransomware ecosystem, where no single player maintains the overwhelming dominance previously seen in the sector.
class="wp-block-heading" id="major-raas-groups-exit-the-scene">Major RaaS Groups Exit the Scene
The second quarter witnessed an unprecedented exodus of prominent ransomware groups from the cybercriminal landscape. RansomHub, which had been averaging around 75 listed victims per month over the previous six months, abruptly ceased operations in early April 2025.
The group’s sudden disappearance left a substantial void in the RaaS ecosystem, creating opportunities for competitors to absorb its displaced affiliates.
Beyond RansomHub, several other significant players vanished from the scene, including Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, and Hunters International.
The reasons for these exits vary, but sustained global law enforcement operations have severely disrupted major RaaS groups through takedowns, indictments, and exposure of both operators and individual affiliates.
LockBit, another major player, received its final blow in May 2025 when its internal data was hacked and leaked.
Qilin Emerges as Market Leader with Innovative Tactics
Capitalizing on this disruption, Qilin nearly doubled its activity in Q2 2025, jumping from an average of 35 victims per month to almost 70.
The group, which has maintained a sustained track record since 2022, actively recruited former RansomHub affiliates through enhanced offerings on cybercrime forums.
According to the report, Qilin distinguishes itself through innovative extortion methods that extend beyond traditional encryption-based attacks.
The group recently introduced comprehensive victim pressure services, including legal assistance to review stolen data, assess potential regulatory violations, and prepare documentation for submission to authorities such as tax agencies and the FBI.
Additionally, Qilin now offers integrated DDoS capabilities and tools for spamming victims’ corporate email addresses and phone lines.
The broader ransomware landscape is experiencing a marked shift away from encryption-focused attacks toward data exfiltration and public exposure as the primary extortion method.
This transition reflects both operational pragmatism and evolving victim response patterns, with the global ransomware payment rate dropping to a historic low of just 25-27%.
Despite the overall decline in activity, with Q2 2025 recording 1,607 new victims compared to 2,289 in Q1 2025, the fragmented ecosystem continues to pose significant threats to organizations worldwide.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post Qilin Ransomware Rises Following the Collapse of RansomHub RaaS appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.