Organisations with $250 million revenue or less saw median ransom demands of less than $350,000.

77% of transportation and logistics organizations cited ransomware and malware threats as their top network security concern.

Social engineering attacks (48%) and ransomware (34%) were the most common types of cyberattacks on healthcare organizations in the past year.

32% of enterprises said ransomware was one of the most common ways to lose data.

Average ransom per attack on state, local, tribal, and territorial (SLTT) governments reached $872,656 between 2018 and December 2024, with total costs exceeding $1.09 billion.

More than half (58%) say they’ve seen a surge in AI-powered ransomware. This is up from 41% in 2024 for AI-powered ransomware sightings.

Ransomware has dropped to third place of most popular attack types.

Ransomware was responsible for 67% of known third-party breaches.

Small and mid-sized businesses (SMBs) in the $4M-$8M range were the most frequently targeted.

Publicly disclosed ransomware victims climbed to 6,046. This represents a 24% increase year over year for publicly disclosed victims. The victim count has also more than doubled since 2023.

There are now 96 active ransomware groups.

52 entirely new ransomware groups emerged in the last year.

The number of publicly disclosed victims saw a 25% increase from the previous year (between April 2024 and March 2025)2. This follows an 81% surge in the period before that.

There has been a 123% increase in ransomware attacks over two years.

Ransom payment values declined by 35%.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

Ransomware cyber insurance claims frequency decreased by 3%.

Ransomware claims severity decreased by 7% YoY.

The average ransom demand in 2024 was $1.1 million.

The Black Basta variant had the highest average ransom demand at $4 million.