Ransomware
Cybersecurity statistics about ransomware
Showing 181-200 of 972 results
Extortion demands to suppress stolen data comprise 49% of extortion claims in the first half of 2025 and 65% of extortion claims in the second half of 2025.
80% of ransomware groups use AI, automation, or both in their attacks.
Ransomware activity is most heavily concentrated in the GCC, which accounted for over 100 reported incidents in 2025.
Ransomware victims by industry: Commercial facilities (997), manufacturing (846), information technology (818), healthcare & public health (473), financial services (340), education (266), transportation &logistics (263), government facilities & public sector (253), food & agriculture (181), hospitality (146), energy (144), communications (99), retail (9), entertainment (1), legal (1).
Publicly disclosed victim counts increased by roughly 12%.
In the second half of 2025, more than two-thirds of ransomware attacks leveraged data theft instead of encryption.
Data theft-only attacks account for 57% of all attacks in 2025.
Three in four small- and medium-sized businesses say cyber incidents, including data breaches and ransomware attacks, are most likely to negatively impact their business this year.
Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.
Ransomware attacks against industrial organizations increased 64% year-over-year.
44% of attacks in the Automotive and Smart Mobility ecosystem are ransomware-related, more than double the volume in 2024.
The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.
96% of incidents involving lateral movement end with the release of ransomware.
70% of global ransomware activity targets English-speaking countries.
In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.
90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.
Manufacturing accounts for more than two-thirds of all ransomware victims.
The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.
The average dwell time for ransomware in OT environments is 42 days.
In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.