Ransomware
Cybersecurity statistics about ransomware
Showing 1-20 of 967 results
Adversaries maintained access to enterprise networks for nearly 2.5 weeks on average before being detected in ransomware incidents.
Ransomware attacks rose 55.1% year-over-year in the first four months of 2026 and reached an average of 171 incidents per month.
Average ransom payment dropped to $2.8 million, down from $3.6 million in 2025.
The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.
More than half of SafePay's ransomware activity in Europe targeted German organisations.
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
Professional, scientific, and technical services accounted for 17.8% of ransomware victims.
83% of ransomware victims paid a ransom, up from 70% previously.
Within professional, scientific, and technical services, IT service providers were the single most-targeted subindustry by ransomware.
53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.
14% of organizations were unaware of an attack until they receive a ransom demand, compared to 6% the previous year.
Manufacturing was the most-affected sector at 27.9% of ransomware victims.
Only 18% of organisations that suffered a ransomware attack paid the ransom, while 59% recovered from backups.
Germany reported 370 ransomware incidents (17.9%), the United Kingdom reported 347 (16.8%), France repored 255 (12.3%), Italy reported 240 (11.6%), and Spain reported 203 (9.8%) among ransomware incidents across Europe.
In the last 16 months, nearly 70% of Europe's ransomware activity was concentrated in Germany, the United Kingdom, France, Italy, and Spain.
80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.
78% of enterprise servers are reachable over SMB or WinRM, administrative protocols commonly exploited for ransomware spread and lateral movement.
50% of organizations reported ransomware intrusions, down from 54% in 2025.
Big game hunting adversaries named 572 technology entities on dedicated leak sites for extortion.
Banks reported 71 ransomware disclosures in 2023 compared to 44 disclosures by investment firms, while by 2025 banks fell to 36 disclosures and investment firms rose to 84 disclosures (41.6% of all incidents).