Ransomware
Statistics and intelligence on ransomware attacks, trends, and prevention strategies across global organizations.
Related Topics
Showing 1-20 of 967 results
In the last 16 months, nearly 70% of Europe's ransomware activity was concentrated in Germany, the United Kingdom, France, Italy, and Spain.
Manufacturing was the most-affected sector at 27.9% of ransomware victims.
Germany reported 370 ransomware incidents (17.9%), the United Kingdom reported 347 (16.8%), France repored 255 (12.3%), Italy reported 240 (11.6%), and Spain reported 203 (9.8%) among ransomware incidents across Europe.
Within professional, scientific, and technical services, IT service providers were the single most-targeted subindustry by ransomware.
Only 18% of organisations that suffered a ransomware attack paid the ransom, while 59% recovered from backups.
Average ransom payment dropped to $2.8 million, down from $3.6 million in 2025.
83% of ransomware victims paid a ransom, up from 70% previously.
Ransomware attacks rose 55.1% year-over-year in the first four months of 2026 and reached an average of 171 incidents per month.
The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.
More than half of SafePay's ransomware activity in Europe targeted German organisations.
64 European organisations were drawn into a ransomware or data extortion incident through a third party.
Professional, scientific, and technical services accounted for 17.8% of ransomware victims.
Adversaries maintained access to enterprise networks for nearly 2.5 weeks on average before being detected in ransomware incidents.
14% of organizations were unaware of an attack until they receive a ransom demand, compared to 6% the previous year.
53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.
78% of enterprise servers are reachable over SMB or WinRM, administrative protocols commonly exploited for ransomware spread and lateral movement.
80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.
Big game hunting adversaries named 572 technology entities on dedicated leak sites for extortion.
50% of organizations reported ransomware intrusions, down from 54% in 2025.
Direct ransomware attacks on financial institutions spiked 76% year-over-year in Q1 2026.