In 2025, Japan reported 134 ransomware incidents, a 17.5% increase from 2024. Qilin ransomware accounted for 16.4% of these incidents (22 cases), making it the most active ransomware group in the region. Key factors include reliance on stolen credentials for initial access, automated attack operations, and potential ties to post-Soviet countries. Small- and medium-sized enterprises (57%) were primary targets, with manufacturing and automotive industries most affected.
