Ransomware
Statistics and intelligence on ransomware attacks, trends, and prevention strategies across global organizations.
Showing 601-620 of 784 results
Ransomware claims severity decreased by 7% YoY.
Black Basta accounted for just 3% of all ransomware claims in 2024.
The average ransom demand in 2024 was $1.1 million.
The Black Basta variant had the highest average ransom demand at $4 million.
Ransom demands from threat actors decreased by 22% year-over-year (YoY) in 2024.
There was a 25% increase in ransomware attacks in 2024.
Among SMBs under 25 employees who experienced a cyber incident in the past year, 29% reported ransomware.
Among larger SMBs who experienced a cyber incident in the past year, 19% reported ransomware
Statistics for the First Four Months of 2025 (Year-to-Date): Healthcare: 34 confirmed attacks logged so far this year. 115 further unconfirmed attacks are being monitored, Government: 49 confirmed attacks logged throughout 2025 so far. 89 further unconfirmed attacks are being monitored, Education: 27 confirmed attacks logged throughout the first four months of this year. 69 further unconfirmed attacks are being monitored, Businesses: 165 confirmed attacks across 2025 so far. 2,118 further unconfirmed attacks are being tracked.
Specific Data Amounts Allegedly Stolen: DaVita Inc. (healthcare, US): 1.5 TB of data allegedly stolen by Interlock, ChangShen Hospital (healthcare, Taiwan): 800 GB of data stolen by NightSpire, Sasszemklinika (healthcare, Hungary): 101 GB stolen by Qilin, Saint James Hospital Group: 250 GB stolen, claimed by INC, Oregon Department of Environmental Quality (DEQ): Qilin claims a breach of over 2.5 TB of data, though DEQ denies evidence of a breach, Toppan Next Tech (business, Singapore): 12 GB of data stolen by Akira, involving a data breach affecting at least 11,200 people (including 3,000 from Bank of China and 8,200 from DBS Group), FAKO-M Getränke GmbH & Co. KG (business, Germany): Sarcoma claims to have stolen 446 GB of data, Fleet Canada, Inc. (business): Silent alleged to have stolen 600 GB, Versa Networks (business): Silent alleged to have stolen 854 GB.
Specific Ransom Demands Mentioned: Virgin Islands Lottery (VIL) refused a $1 million ransom demand, Oregon Department of Environmental Quality (DEQ) refused a $2.7 million demand from Rhysida, CPAS de Jemeppe-sur-Sambre (a Belgian social welfare centre) refused a €70,000 ransom demand, Medusa claimed an attack on Fall River Public Schools with a $400,000 ransom demand, Manchester Credit Union reported that Sarcoma attackers did not demand a ransom.
In April 2025, researchers logged a total of 479 ransomware attacks. This represents a significant decline from the monthly figures tracked in Q1 2025: 530 in January, 973 in February, and 713 in March.
Of 479 ransomware attacks logged in April 2025, 39 attacks were confirmed by the targeted entity through means such as a data breach notification or press release.
Breakdown of Confirmed Attacks (39 total) by Sector in April 2025: Businesses: 21 confirmed attacks, Government Entities: 9 confirmed attacks, Healthcare Companies: 6 confirmed attacks, Educational Institutions: 3 confirmed attacks.
Most Prolific Ransomware Strains by Number of Confirmed Attacks in April 2025: Akira: Had the most confirmed attacks with three in total, Qilin: Had two confirmed attacks, NightSpire: Had two confirmed attacks, Silent: Had two confirmed attacks. Silent was new to the scene in April with just four claims in total, Sarcoma: Had two confirmed attacks.
Statistics for the First Four Months of 2025 (Year-to-Date): Healthcare: 34 confirmed attacks logged so far this year. 115 further unconfirmed attacks are being monitored, Government: 49 confirmed attacks logged throughout 2025 so far. 89 further unconfirmed attacks are being monitored, Education: 27 confirmed attacks logged throughout the first four months of this year. 69 further unconfirmed attacks are being monitored, Businesses: 165 confirmed attacks across 2025 so far. 2,118 further unconfirmed attacks are being tracked.
Most Prolific Ransomware Strains by Number of Confirmed Attacks in April 2025: Akira: Had the most confirmed attacks with three in total, Qilin: Had two confirmed attacks, NightSpire: Had two confirmed attacks, Silent: Had two confirmed attacks. Silent was new to the scene in April with just four claims in total, Sarcoma: Had two confirmed attacks.
Most Prolific Ransomware Gangs (based on attack claims) in April 2025: Qilin: 67 claims. This is an increase from 45 claims in March, Akira: 62 claims, Play: 50 claims, Lynx: 32 claims, NightSpire: 22 claims. RansomHub listed no new victims in April.
Breakdown of Unconfirmed Attacks (440 total) by Sector in April 2025: Businesses: 396 unconfirmed attacks, Government Entities: 16 unconfirmed attacks, Healthcare Companies: 16 unconfirmed attacks, Educational Institutions: 11 unconfirmed attacks/
Specific Ransom Demands Mentioned: Virgin Islands Lottery (VIL) refused a $1 million ransom demand, Oregon Department of Environmental Quality (DEQ) refused a $2.7 million demand from Rhysida, CPAS de Jemeppe-sur-Sambre (a Belgian social welfare centre) refused a €70,000 ransom demand, Medusa claimed an attack on Fall River Public Schools with a $400,000 ransom demand, Manchester Credit Union reported that Sarcoma attackers did not demand a ransom.