Skip to main content
HomeTopicsRansomware

Ransomware

Cybersecurity statistics about ransomware

Showing 1-20 of 967 results

Adversaries maintained access to enterprise networks for nearly 2.5 weeks on average before being detected in ransomware incidents.

ExtraHop6/28/2026
RansomwareDwell Time

Ransomware attacks rose 55.1% year-over-year in the first four months of 2026 and reached an average of 171 incidents per month.

Black Kite6/28/2026
RansomwareIncident Rates

Average ransom payment dropped to $2.8 million, down from $3.6 million in 2025.

ExtraHop6/28/2026
RansomwareFinancial Impact

The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.

Black Kite6/28/2026
RansomwareThreat Actors

More than half of SafePay's ransomware activity in Europe targeted German organisations.

Black Kite6/28/2026
RansomwareGermany

64 European organisations were drawn into a ransomware or data extortion incident through a third party.

Black Kite6/28/2026
Third-Party RiskRansomware

Professional, scientific, and technical services accounted for 17.8% of ransomware victims.

Black Kite6/28/2026
RansomwareProfessional Services

83% of ransomware victims paid a ransom, up from 70% previously.

ExtraHop6/28/2026
RansomwareRansom Payment

Within professional, scientific, and technical services, IT service providers were the single most-targeted subindustry by ransomware.

Black Kite6/28/2026
IT ServicesRansomware

53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.

Black Kite6/28/2026
Third-Party RiskRansomware

14% of organizations were unaware of an attack until they receive a ransom demand, compared to 6% the previous year.

ExtraHop6/28/2026
RansomwareDetection

Manufacturing was the most-affected sector at 27.9% of ransomware victims.

Black Kite6/28/2026
RansomwareManufacturing

Only 18% of organisations that suffered a ransomware attack paid the ransom, while 59% recovered from backups.

Databarracks6/28/2026
RansomwareData Recovery

Germany reported 370 ransomware incidents (17.9%), the United Kingdom reported 347 (16.8%), France repored 255 (12.3%), Italy reported 240 (11.6%), and Spain reported 203 (9.8%) among ransomware incidents across Europe.

Black Kite6/28/2026
RansomwareGeographic Distribution

In the last 16 months, nearly 70% of Europe's ransomware activity was concentrated in Germany, the United Kingdom, France, Italy, and Spain.

Black Kite6/28/2026
RansomwareEurope

80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.

Zero Networks6/15/2026
Network SecurityRansomware

78% of enterprise servers are reachable over SMB or WinRM, administrative protocols commonly exploited for ransomware spread and lateral movement.

Zero Networks6/15/2026
SMBWinRM

50% of organizations reported ransomware intrusions, down from 54% in 2025.

Fortinet6/15/2026

Big game hunting adversaries named 572 technology entities on dedicated leak sites for extortion.

CrowdStrike6/15/2026
ExtortionRansomware

Banks reported 71 ransomware disclosures in 2023 compared to 44 disclosures by investment firms, while by 2025 banks fell to 36 disclosures and investment firms rose to 84 disclosures (41.6% of all incidents).

Black Kite6/6/2026
RansomwareFinancial Services