92% of ransomware cases in Europe involved file encryption and data theft in 2025

Ransomware deployment speed increased by 48% as observed in 2025

47% of retail IT/cybersecurity teams reported increased pressure after experiencing data encryption in 2025

The median ransom demand for retail ransomware attacks doubled to $2 million in 2025 compared to 2024

The average cost of recovering from a ransomware attack in retail, excluding any ransom payment, dropped by 40% to $1.65 million in 2025, the lowest point in three years

Since January 1, 2024, more than 2,100 victims across Europe were named on extortion leak sites

The proportion of retailers hit by extortion-only attacks tripled from 2% in 2023 to 6% in 2025

58% of retail organizations with encrypted data paid the ransom in 2025, marking the second highest payment rate in five years

26% of cases in retail saw leadership teams replaced as a result of data encryption in 2025

European organizations accounted for nearly 22% of global ransomware and extortion victims in 2025

46% of retail ransomware incidents were traced to an unknown security gap in 2025

Approximately 23% of all reported cases of Qilin ransomware affected the manufacturing sector.

In the second half of 2025, the Qilin ransomware group published victim information at a rate exceeding 40 cases per month.

The number of victims whose information was posted on the Qilin ransomware leak site peaked at 100 cases in June 2025.

Around 18% of Qilin ransomware cases impacted professional and scientific services.

About 10% of Qilin ransomware cases were related to wholesale trade.

In 2025, Cisco Talos reported multiple incidents related to Qilin ransomware.

In 2025, 70.4% of ransomware attacks, totaling 3,310 incidents, were distributed across other regions.

87% of organizations expect deepfakes to become major attack vectors in future ransomware campaigns.

82% of organizations believe generative AI makes phishing emails more difficult to identify, even for well-trained employees.