10% of organizations in the government sector experienced ransomware incidents annually.

Organizations in the education sector reported an average dwell time of about 5 weeks prior to a ransomware incident.

20% of organizations in the healthcare sector experienced ransomware incidents annually.

CDK Global reported a ransom payment of $50 million

Scattered Spider was detected in 22.0% of cybersecurity incidents over the last 12 months.

70% of organizations reported that they paid the ransom in 2023

The percentage of organizations that never paid a ransom increased from 9% last year to 30% this year

Organizations experienced an average of 5 to 6 ransomware incidents over the last 12 months, marking a 25% decrease from nearly 8 incidents in 2024.

The percentage of organizations experiencing 20 or more ransomware incidents annually increased from 0% to 3% year-over-year.

The finance sector had an average ransom payment of $3.8 million

SafePay impacted 111 organizations and individuals spread across 27 industries and 18 countries in Q2 2025.

IncRansom claimed 14 healthcare organizations as victims in Q3 2025.

Akira experienced a single day spike of 20 claimed victims (organizations and individuals) on August 11th 2025.

10% to 15% of revenue was offered as a split for the core operator within the RaaS ecosystem.

Akira's victim count in Q3 is 212% higher than the same period in 2024.

In Q3 2025, manufacturing organizations experienced a 26% increase in ransomware attacks.

There were 252 publicly claimed manufacturing organizations that were victims of ransomware attacks in Q3 2025.

The average number of ransomware groups posting victim data per week in Q3 2025 was 25.

SafePay claimed 11 healthcare organizations as victims in Q3 2025.

In Q2 2025, there were 92 reports of ransomware attacks on healthcare organizations.