A new report highlighted by The Hacker News shows that ransomware has reached a critical point of fragmentation. According to Check Point Research, Q3 2025 saw 85 active ransomware and extortion groups, a level never seen before. Fourteen of those groups were brand new and nearly 1,600 victims appeared across leak sites during the quarter.
You can read the source article here: Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns.
This trend represents a serious shift in the cyber threat landscape. For years, defenders could focus on a handful of major ransomware brands. That is no longer the case. These smaller groups operate in unpredictable ways, often provide no decryption keys after payment, and disappear quickly. That makes negotiation unreliable and defense strategies more complex.
While ransomware has splintered, one major name has resurfaced: LockBit, now returning with LockBit 5.0. The new version shows clear technical upgrades including:
Faster encryption
Improved evasion capabilities
Ability to target Windows, Linux, and ESXi
More sophisticated per-victim negotiation infrastructure
Within the first month of reappearing, LockBit 5.0 had already compromised multiple victims.
The ransomware world now has two problems at once. Fragmented groups that are difficult to track and a high-end, well-resourced threat actor returning to lead large campaigns. It is a combination that puts every business at higher risk.
Most organizations still rely heavily on tools that detect malicious activity and then respond to it. That approach is increasingly failing for several reasons:
There are too many new ransomware groups to track
Signature based detection becomes outdated almost immediately
New variants change rapidly and often bypass defensive tools
Response time is too slow once encryption begins
By the time detection alerts fire, ransomware often has already executed. Fragmented groups rely on this weakness because they do not need sophistication. They only need to launch an attack that hits faster than a response can contain it.
This is why modern ransomware is succeeding. Businesses are relying on a model that attackers already know how to beat.
The safest organizations today use a different approach called Isolation and Containment. Instead of detecting malware and reacting, this strategy prevents ransomware from executing or gaining the ability to spread at all.
This is where AppGuard stands out. AppGuard has more than a decade of proven success protecting systems in environments where failure is not an option. Instead of waiting for clues or signatures, AppGuard blocks untrusted or risky behaviors at the process level.
This means:
Unknown ransomware cannot launch
Zero-day attacks cannot break out of containment
Fileless attacks are stopped
Script based infections cannot reach critical resources
Whether the threat is a brand new ransomware group or an advanced version like LockBit 5.0, AppGuard stops the attack at the earliest stage. No detection. No delay. No reaction time needed.
The Check Point Research data also revealed that ransomware continues to hit industries such as manufacturing, business services, and healthcare at high rates. These sectors cannot afford downtime, which makes them especially attractive to attackers.
Law enforcement takedowns of major ransomware groups earlier this year did little to slow the trend. Fragmentation has made the ecosystem more resilient. Eliminating one brand simply encourages attackers to relaunch under new names.
For small and mid-sized businesses, this creates a critical decision point. Continue relying on Detect and Respond or move to modern protection that neutralizes ransomware before it begins.
The source article from The Hacker News paints a clear picture. Ransomware is evolving faster than most defensive tools can keep up. Fragmented groups and LockBit’s return mean the threat is growing in both volume and sophistication.
It is time for businesses to shift from Detect and Respond to Isolation and Containment.
If you want your business to stay ahead of these threats, talk with us at CHIPS. We can show you how AppGuard prevents the types of incidents highlighted in the article and how it provides true protection against ransomware, regardless of how quickly attackers evolve.
Let us help you stay protected before the next breach happens.
Like this article? Please share it with others!