35% of respondents cited ransomware as a top concerning threat.

77% of transportation and logistics organizations cited ransomware and malware threats as their top network security concern.

32% of enterprises said ransomware was one of the most common ways to lose data.

Social engineering attacks (48%) and ransomware (34%) were the most common types of cyberattacks on healthcare organizations in the past year.

Average ransom per attack on state, local, tribal, and territorial (SLTT) governments reached $872,656 between 2018 and December 2024, with total costs exceeding $1.09 billion.

More than half (58%) say they’ve seen a surge in AI-powered ransomware. This is up from 41% in 2024 for AI-powered ransomware sightings.

Ransomware has dropped to third place of most popular attack types.

Ransom payment values declined by 35%.

Publicly disclosed ransomware victims climbed to 6,046. This represents a 24% increase year over year for publicly disclosed victims. The victim count has also more than doubled since 2023.

Small and mid-sized businesses (SMBs) in the $4M-$8M range were the most frequently targeted.

Ransomware was responsible for 67% of known third-party breaches.

There has been a 123% increase in ransomware attacks over two years.

The number of publicly disclosed victims saw a 25% increase from the previous year (between April 2024 and March 2025)2. This follows an 81% surge in the period before that.

52 entirely new ransomware groups emerged in the last year.

There are now 96 active ransomware groups.

The Black Basta variant had the highest average ransom demand at $4 million.

The average ransom demand in 2024 was $1.1 million.

44% of cyber insurance policyholders that experienced a ransomware incident opted to pay the ransom when deemed reasonable and necessary.

Ransom demands from threat actors decreased by 22% year-over-year (YoY) in 2024.

March 2025 held the highest volume of public ransomware cases of all time.