Ransomware
Cybersecurity statistics about ransomware
Showing 801-820 of 967 results
Statistics for the First Four Months of 2025 (Year-to-Date): Healthcare: 34 confirmed attacks logged so far this year. 115 further unconfirmed attacks are being monitored, Government: 49 confirmed attacks logged throughout 2025 so far. 89 further unconfirmed attacks are being monitored, Education: 27 confirmed attacks logged throughout the first four months of this year. 69 further unconfirmed attacks are being monitored, Businesses: 165 confirmed attacks across 2025 so far. 2,118 further unconfirmed attacks are being tracked.
Most Prolific Ransomware Strains by Number of Confirmed Attacks in April 2025: Akira: Had the most confirmed attacks with three in total, Qilin: Had two confirmed attacks, NightSpire: Had two confirmed attacks, Silent: Had two confirmed attacks. Silent was new to the scene in April with just four claims in total, Sarcoma: Had two confirmed attacks.
Specific Ransom Demands Mentioned: Virgin Islands Lottery (VIL) refused a $1 million ransom demand, Oregon Department of Environmental Quality (DEQ) refused a $2.7 million demand from Rhysida, CPAS de Jemeppe-sur-Sambre (a Belgian social welfare centre) refused a €70,000 ransom demand, Medusa claimed an attack on Fall River Public Schools with a $400,000 ransom demand, Manchester Credit Union reported that Sarcoma attackers did not demand a ransom.
Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.
The U.S. was the reported victim in 58% of ransomware posts.
The average time between credentials being found and the reported ransomware attack was 2.5 weeks
Babuk2 was the most active threat group, responsible for 14% of all attacks in March. Babuk2 drove ransomware activity with 84 attacks in March. This represents a 37% increase for Babuk2 from January (61 attacks).
Ransomware cases increased year-on-year by 46% in March.
Global median dwell time was 5 days when adversaries notified (notably in ransomware cases).
Safepay was the third most active threat group in March, with 42 attacks.
Ransomware cases globally dipped by 32% in March (600 attacks) compared to February.
600 ransomware attacks were recorded globally in March.
Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.
The percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%.
Ransomware attacks rose by 37% since last year.
7 out of 10 organizations experienced a ransomware attack in the past year.
Of organizations that were attacked by ransomware, 57% recovered less than 50% of their data.
A pre-defined “chain of command” was included in the ransomware playbook for 30% of organizations.
Less than half of organizations had key technical elements included in their ransomware playbook.
Pre-attack confidence among ransomware victims often doesn't reflect reality.