Skip to main content
HomeTopicsRansomware

Ransomware

Cybersecurity statistics about ransomware

Showing 801-820 of 967 results

Statistics for the First Four Months of 2025 (Year-to-Date): Healthcare: 34 confirmed attacks logged so far this year. 115 further unconfirmed attacks are being monitored, Government: 49 confirmed attacks logged throughout 2025 so far. 89 further unconfirmed attacks are being monitored, Education: 27 confirmed attacks logged throughout the first four months of this year. 69 further unconfirmed attacks are being monitored, Businesses: 165 confirmed attacks across 2025 so far. 2,118 further unconfirmed attacks are being tracked.

Comparitech5/2/2025

Most Prolific Ransomware Strains by Number of Confirmed Attacks in April 2025: Akira: Had the most confirmed attacks with three in total, Qilin: Had two confirmed attacks, NightSpire: Had two confirmed attacks, Silent: Had two confirmed attacks. Silent was new to the scene in April with just four claims in total, Sarcoma: Had two confirmed attacks.

Comparitech5/2/2025

Specific Ransom Demands Mentioned: Virgin Islands Lottery (VIL) refused a $1 million ransom demand, Oregon Department of Environmental Quality (DEQ) refused a $2.7 million demand from Rhysida, CPAS de Jemeppe-sur-Sambre (a Belgian social welfare centre) refused a €70,000 ransom demand, Medusa claimed an attack on Fall River Public Schools with a $400,000 ransom demand, Manchester Credit Union reported that Sarcoma attackers did not demand a ransom.

Comparitech5/2/2025

Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.

KELA4/29/2025
CredentialsCredential theft

The U.S. was the reported victim in 58% of ransomware posts.

Trellix4/29/2025
APTRansomware

The average time between credentials being found and the reported ransomware attack was 2.5 weeks

KELA4/29/2025
CredentialsCredential theft

Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).

NCC Group4/24/2025
RansomwareThreat group

Ransomware cases increased year-on-year by 46% in March.

NCC Group4/24/2025

Global median dwell time was 5 days when adversaries notified (notably in ransomware cases).

Mandiant4/24/2025
Dwell timeSecurity incident

Safepay was the third most active threat group in March, with 42 attacks.

NCC Group4/24/2025
RansomwareThreat group

Ransomware cases globally dipped by 32% in March (600 attacks) compared to February.

NCC Group4/24/2025

600 ransomware attacks were recorded globally in March.

NCC Group4/24/2025

Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.

NCC Group4/24/2025
RansomwareThreat group

The percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%.

Veeam4/23/2025

Ransomware attacks rose by 37% since last year.

Verizon4/23/2025

7 out of 10 organizations experienced a ransomware attack in the past year.

Veeam4/23/2025

Of organizations that were attacked by ransomware, 57% recovered less than 50% of their data.

Veeam4/23/2025
RansomwareData loss

A pre-defined “chain of command” was included in the ransomware playbook for 30% of organizations.

Veeam4/23/2025

Less than half of organizations had key technical elements included in their ransomware playbook.

Veeam4/23/2025

Pre-attack confidence among ransomware victims often doesn't reflect reality.

Veeam4/23/2025