The average ransom demand exceeded $1,028,214 in Q1 2026.

Victims were given an average of 7.7 days to meet ransom demands in Q1 2026.

58% of cybersecurity leaders would consider paying cybercriminals to end a ransomware attack.

69% of ransomware victims didn’t pay.

Among organizations victimized by ransomware, the share that paid a ransom increased from 41% to 55%.

Among organizations that paid ransoms, 61% successfully recovered their data, up from 54% the previous year.

Akira ransom demands averaged $1.2M, which is 50% higher than the non-Akira average.

62% of US IT and security professionals at companies with at least 1,000 employees believe AI makes it more likely their company will need to pay a ransom to regain access to its data after an attack.

Global ransomware payments reached $820 million in 2025.

Global traceable ransomware payments fell from $892 million in 2024 to $820 million in 2025.

Only 33% of cyber insurance policies cover lost revenue, and 45% cover ransomware negotiations or payment.

89% of organizations that experienced a ransomware attack in the past year paid a ransom to recover their data or stop the attack

58% of retail organizations with encrypted data paid the ransom in 2025, marking the second highest payment rate in five years

Only 3% of undisclosed ransomware cases included an upfront ransom demand in Q3 2025.

DEVMAN demanded $91 million from Shimao Group, the largest ransom in Q3 2025.

The amount of data most organizations got back after paying a ransom was 51–75%.

92% of organizations still lost data after paying a ransom.

54% of organizations attacked paid a ransom.

8% of organizations got all their data back after paying a ransom.

The costliest ransom paid by healthcare organizations in 2025 represented a 60% increase from $771,905 in 2022.