The health care sector had the highest average ransom paid of any industry, at $847,875.

Only half of organisations that pay ransoms actually recover their data.

Successful ransomware attacks have declined from a peak of 73% two years ago to 63% this year.

Only 41% of victimised organisations chose to pay in 2024—down from 63% three years ago.

Ransomware deployment occurs in as little as six hours

Mid-sized companies generating $25-100M in revenue saw a 46% increase in ransomware attacks.

Geographically, 59% of observed ransomware victims in Q1 2025 were based in The United States, which is the highest proportion seen to date.

Only 31% of ransoms were paid by At-Bay customers in 2024. This totaled $146M in unpaid ransoms.

Severity of ransomware attacks was up 13% in 2024.

The average ransom demand was $957K, and the average ransom paid was $317K. This means the price was often negotiated down by more than half.

Ransomware gangs claimed responsibility for targeting 5,336 victims in 2023.

There was also a record high number of active threat groups, with 70 identified in Q1 2025. This is a 55.5% year-over-year rise.

Ransomware attacks increased by nearly 20% in 2024.

There was a 75% increase in actively exploited flaws compared to the same period in 2024, with 12,333 vulnerabilities reported in Q1 alone .

The first quarter of 2025 saw a record high in ransomware attacks, with 2,063 victims reported. This represents a 102% increase compared to the previous year.

VPNs alone accounted for two-thirds (66%) of all ransomware attacks.

The blast radius of ransomware continues to grow as businesses impacted by attacks on vendors and partners increased 43%.

There was also a record high number of active threat groups, with 70 identified in Q1 2025. This is a 55.5% year-over-year rise.

The vast majority of ransomware started with an attack on a remote access tool, contributing to 80% of attacks.

The frequency of ransomware attacks in 2024 increased by 19% vs. 2023.