In 2025, Canada experienced 139 ransomware incidents, accounting for 3.0% of all attacks.

In 2025, the United States experienced 21.3% of all ransomware attacks, totaling approximately 1,000 incidents.

In 2025, 77.7% of ransomware attacks were attributed to other actors outside the top five groups.

In 2025, Italy experienced 74 ransomware incidents, representing 1.6% of all attacks.

Ransomware attacks against the manufacturing sector surged from 520 incidents in 2024 to 838 incidents in 2025, marking a 61% increase.

From January 1 to September 1, 2024, there were 3,219 total recorded ransomware incidents, with 1,745 incidents (54%) targeting critical sectors.

From January 1 to September 1, 2025, there were 4,701 recorded ransomware incidents, with 2,332 incidents (50%) targeting critical sectors such as manufacturing, healthcare, energy, transportation, and financial services.

90% of C-level executives express concern that deepfake audio and video will become major vectors for social engineering in future ransomware attacks.

In 2025, 2,332 ransomware incidents targeted critical infrastructure, accounting for 50% of all incidents, compared to 1,745 incidents, which accounted for 54%, in 2024.

Out of 103 active ransomware groups, five groups accounted for nearly 25% of global ransomware incidents.

In 2025, there were 103 distinct ransomware threat actors observed targeting critical infrastructure.

The top five ransomware groups — Qilin, Clop, Akira, Play, and SafePay — were responsible for 938 incidents, accounting for nearly 25% of all ransomware attacks in 2025.

In 2025, ransomware events against critical industries increased by 34% compared to the previous year.

Between January and September 2025, KELA observed 4,701 ransomware incidents, representing a 34% year-over-year increase compared to the same period in 2024.

50% of organizations that experienced a ransomware attack believed they were 'very well prepared' for ransomware.

82% of organizations believe generative AI makes phishing emails more difficult to identify, even for well-trained employees.

83% of organizations that paid ransoms were hit again by ransomware attacks

76% of organizations reported that it is getting harder to be fully prepared for ransomware attacks

89% of healthcare organizations express concern that deepfake audio and video will become major vectors for social engineering in future ransomware attacks.

54% of healthcare organizations implemented AI-powered threat detection.