Ransomware deployment speed increased by 48% as observed in 2025

The average cost of recovering from a ransomware attack in retail, excluding any ransom payment, dropped by 40% to $1.65 million in 2025, the lowest point in three years

58% of retail organizations with encrypted data paid the ransom in 2025, marking the second highest payment rate in five years

The median ransom demand for retail ransomware attacks doubled to $2 million in 2025 compared to 2024

26% of cases in retail saw leadership teams replaced as a result of data encryption in 2025

European organizations accounted for nearly 22% of global ransomware and extortion victims in 2025

46% of retail ransomware incidents were traced to an unknown security gap in 2025

47% of retail IT/cybersecurity teams reported increased pressure after experiencing data encryption in 2025

92% of ransomware cases in Europe involved file encryption and data theft in 2025

The proportion of retailers hit by extortion-only attacks tripled from 2% in 2023 to 6% in 2025

Since January 1, 2024, more than 2,100 victims across Europe were named on extortion leak sites

Approximately 23% of all reported cases of Qilin ransomware affected the manufacturing sector.

The number of victims whose information was posted on the Qilin ransomware leak site peaked at 100 cases in June 2025.

In 2025, Cisco Talos reported multiple incidents related to Qilin ransomware.

About 10% of Qilin ransomware cases were related to wholesale trade.

In the second half of 2025, the Qilin ransomware group published victim information at a rate exceeding 40 cases per month.

Around 18% of Qilin ransomware cases impacted professional and scientific services.

Ransomware attacks in the manufacturing sector surged by 61% from 520 incidents to 838 incidents year-over-year, marking the steepest growth among all sectors.

51% of organizations deployed automated incident response.

In 2025, half of all ransomware attacks worldwide targeted essential sectors such as manufacturing, healthcare, energy, transportation, and finance, indicating a shift from opportunistic crime to systemic disruption.