The average cost of an extortion or ransomware incident remains high, particularly when disclosed by an attacker ($5.08 million).

More than a third (34%) of UK business leaders who support a proposed ransom payment ban believe it would lead to increased government support and intervention to safeguard cyber resilience.

94% of UK business leaders support limiting ransom payments for public entities.

In real-world situations within the private sector, if a ransom payment ban were to take hold, only 10% of UK business leaders said they would comply if they were attacked.

99% of UK business leaders support limiting ransom payments for private organisations.

96% of surveyed UK business leaders from companies with revenues of £100 million+ believe that ransomware payments should be banned across both public and private sectors.

In real-world situations within the private sector, if a ransom payment ban were to take hold, 15% of UK business leaders said they would be neither likely nor unlikely to comply with such a ban.

Almost all UK respondents (98%) stated that cyber readiness and recovery will be a top spending priority.

Just 17% of UK organisations paid the ransom following a ransomware attack.

75% of UK business leaders who believe ransomware payments should be banned admit they would still pay a ransom if it were the only way to save their organisation, even if a ban was extended to the private sector and civil or criminal penalties applied.

The Dragon RaaS emerged in 2024.

Nearly half the cryptomining attacks analysed by Akamai researchers targeted nonprofit and educational organizations.

A new quadruple extortion tactic is being used in ransomware campaigns, which builds on double extortion by using distributed denial-of-service (DDoS) attacks to disrupt business operations and harassing third parties (like customers, partners, and media) to increase the pressure on the victim.

Double extortion remains the most common approach.

The TrickBot malware family has extorted more than US$724 million in cryptocurrency from victims since 2016.

Akira was the second most active threat group in June 2025, with 31 attacks, rising from fourth place in May.

Overall, 79% of all global ransomware cases in June 2025 took place in North America and Europe combined

South America had a 4% share of ransomware attacks (15 cases) in June 2025.

Europe experienced an 8% drop in June 2025, accounting for 21% of ransomware attacks (79 cases). This was fewer than half the number recorded in North America.

Industrials represented nearly a third (30%) of all ransomware attacks in Q2.