Ransomware
Cybersecurity statistics about ransomware
Showing 201-220 of 972 results
Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.
A total of 130 different ransomware groups carried out attacks in 2025.
The United States accounted for 58% of all recorded disclosed ransomware attacks in 2025.
Publicly disclosed ransomware increased by 49% year-on-year, reaching 1,174 incidents, nearly four times higher than in 2020.
Undisclosed ransomware victims announced on dark web leak sites totaled 7,079 in 2025, a 37% increase compared to 2024.
Fifty-two new ransomware groups emerged in 2025, a 9% increase compared to 2024.
Approximately 86% of ransomware attacks are never publicly reported.
Of the 65 CVEs discussed by the BlackBasta ransomware group, 54 are Known Exploited Vulnerabilities (KEVs).
The INC ransomware group claimed 66 victims in undisclosed activity in 2025.
Australia and the United Kingdom recorded 110 and 42 disclosed ransomware attacks respectively in 2025.
The services industry recorded a 118% year-on-year increase in ransomware attack volume in 2025.
The education sector saw ransomware attacks decrease by approximately 12% year-on-year in 2025.
Canada accounted for 6% and Germany accounted for 4% of undisclosed ransomware attacks in 2025.
The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.
The Play ransomware group accounted for 5% of disclosed ransomware attacks in 2025.
The healthcare sector accounted for 22% of all disclosed ransomware attacks in 2025.
The Akira ransomware group was linked to 776 total recorded attacks in 2025.
Organizations across 135 countries, representing 69% of countries worldwide, were impacted by ransomware attacks in 2025.
The United States suffered 3,768 undisclosed ransomware incidents in 2025.
In 2025, 55% of Chief Information Security Officers (CISOs) in the US and UK reported that their organization experienced a cyberattack, ransomware infection, compromise, or data breach that rendered mobile, remote, or hybrid endpoint devices inoperable.