The manufacturing industry accounted for 456 ransomware incidents totaling approximately $284.6 million in reported payments, while the financial services industry accounted for 432 incidents totaling approximately $365.6 million, and the healthcare industry accounted for 389 incidents totaling approximately $305.4 million.

The 10 ransomware variants with the highest cumulative payment amounts identified in BSA reports accounted for approximately $1.5 billion in payments.

In 2024, ransomware incidents reported to FinCEN decreased to 1,476 incidents, reflecting $734 million in the aggregate value of reported payments.

Ransomware incidents reported to FinCEN reached an all-time high of 1,512 incidents in 2023, totaling $1.1 billion in payments, marking a 77% increase in total payments year-over-year from 2022 to 2023.

52% of organizations reported being targeted by ransomware attacks on holidays or weekends.

60% of ransomware attacks occurred following an IPO, merger or acquisition, or round of layoffs.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, the Akira ransomware group accounted for approximately 39% of Beazley Security incident response cases.

In Q3 2025, INC Ransomware accounted for approximately 8% of Beazley Security incident response cases.

61% of Chief Information Security Officers believe AI has directly increased ransomware risk

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, the Akira ransomware group claimed 167 posts on their public leak site.

In Q3 2025, leak site posts increased by 11% from Q2 to Q3.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

89% of organizations that experienced a ransomware attack in the past year paid a ransom to recover their data or stop the attack

62% of retailers who experienced attacks restored their data using backups in 2025, the lowest rate in four years