An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases

There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024.

In 2025, a total of 134 ransomware incidents were reported in Japan, marking a 17. 5% increase compared to 2024. Among these, 22 incidents were attributed to Qilin, representing 16. 4% of the total. In 2025, Qilin ransomware was highly active. Looking ahead to 2026, unless there is significant external pressure or disruption, it is likely to further increase its impact. While there are some variations in tactics across affiliates, operations are expected to become more automated, with fewer trial-and-error steps and increasingly refined tradecraft.

Evidence suggests that some Qilin affiliates may have ties to countries in the post-Soviet region, including the Baltic states. Rather than focusing on post-ransomware execution, this blog examines detection opportunities during the pre-ransomware phase. Ransomware activity in Japan in 2025 In 2025, the number of ransomware incidents increased compared to 2024. Notably, it was a year in which attacks leveraging Qilin ransomware were observed most frequently. There were 134 ransomware incidents reported in Japan in 2025, representing a 17. 5% year-over-year increase from 2024. Figure 1 presents the monthly number of ransomware incidents.

The data was compiled based on information obtained from data leak sites, official disclosures by affected organizations, and publicly available media reports. On average, approximately 11 incidents were observed per month. Figure 1. Monthly victim counts in 2025. Industry-based analysis, as shown in Figure 2, indicates that manufacturing accounts for the largest share of affected organizations (28%). This is followed by automotive-related industries (8%), trading companies (7%), IT (6%), and education (5%). The data suggests that manufacturing and automotive-related sectors continue to be heavily targeted, consistent with last year.

Figure 2. Number of victim organizations by industry.