17% of UK organisations hit by ransomware in the past year paid the ransom. This figure is down from 27% in 2024 and 44% in 2023.

Data exfiltration was a factor in 74% of all ransomware cases in Q2 2025.

The overall rate of organizations paying ransoms in Q2 2025 held steady at 26%.

The top ransomware variants in Q2 2025 were: Akira (19%), Qilin (13%), and Lone Wolf (9%).

The median ransom payment in Q2 2025 reached $400,000, which is a 100% increase from Q1 2025.

The average ransom payment in Q2 2025 rocketed to $1.13 million, marking a 104% increase from Q1 2025.

The industries hit hardest by ransomware in Q2 2025 were Professional services: 19.7%, Healthcare: 13.7%, and Consumer services: 13.7%.

Mid-sized companies (defined as 11 to 1,000 employees) constituted 64% of ransomware victims in Q2 2025.

BlackByte, a ransomware strain, had a prevention effectiveness rate of just 26%.

Maori, a ransomware strain, had a prevention effectiveness rate of 41%.

BabLock, another ransomware strain, had a prevention effectiveness rate of 34%.

27% of ransomware incidents involved attackers stealing data.

31% of ransomware victims were affected multiple times in the last 12 months.

50% of law firms cited phishing as the top cybersecurity concern, a new category this year, surpassing ransomware and user behavior.

74% of repeat ransomware victims state they are juggling too many security tools.

67% of organisations in healthcare were affected by ransomware.

Ransomware attackers have a one-in-three chance of payout.

65% of organisations in local government were affected by ransomware.

Fewer than half (47%) of ransomware victims had implemented an email security solution.

27% of ransomware incidents involved attackers publishing data.