Skip to main content
HomeTopicsRansomware

Ransomware

Statistics and intelligence on ransomware attacks, trends, and prevention strategies across global organizations.

Showing 1-20 of 967 results

In the last 16 months, nearly 70% of Europe's ransomware activity was concentrated in Germany, the United Kingdom, France, Italy, and Spain.

Black Kite6/28/2026
EuropeGermany

Manufacturing was the most-affected sector at 27.9% of ransomware victims.

Black Kite6/28/2026
ManufacturingSectoral Risk

Germany reported 370 ransomware incidents (17.9%), the United Kingdom reported 347 (16.8%), France repored 255 (12.3%), Italy reported 240 (11.6%), and Spain reported 203 (9.8%) among ransomware incidents across Europe.

Black Kite6/28/2026
Geographic DistributionEurope

Within professional, scientific, and technical services, IT service providers were the single most-targeted subindustry by ransomware.

Black Kite6/28/2026
IT ServicesSectoral Risk

Only 18% of organisations that suffered a ransomware attack paid the ransom, while 59% recovered from backups.

Databarracks6/28/2026
Data RecoveryBackups

Average ransom payment dropped to $2.8 million, down from $3.6 million in 2025.

ExtraHop6/28/2026
Financial ImpactRansom Payment

83% of ransomware victims paid a ransom, up from 70% previously.

ExtraHop6/28/2026
Ransom PaymentFinancial Impact

Ransomware attacks rose 55.1% year-over-year in the first four months of 2026 and reached an average of 171 incidents per month.

Black Kite6/28/2026
Incident Rates

The Qilin ransomware group was linked to ransomware incidents in 26 of the 31 countries analysed.

Black Kite6/28/2026
Threat ActorsGeographic Distribution

More than half of SafePay's ransomware activity in Europe targeted German organisations.

Black Kite6/28/2026
GermanyThreat Actors

64 European organisations were drawn into a ransomware or data extortion incident through a third party.

Black Kite6/28/2026
Third-Party RiskSupply Chain

Professional, scientific, and technical services accounted for 17.8% of ransomware victims.

Black Kite6/28/2026
Professional ServicesSectoral Risk

Adversaries maintained access to enterprise networks for nearly 2.5 weeks on average before being detected in ransomware incidents.

ExtraHop6/28/2026
Dwell TimeDetection

14% of organizations were unaware of an attack until they receive a ransom demand, compared to 6% the previous year.

ExtraHop6/28/2026
DetectionRansom

53% of the organisations drawn into third-party ransomware or data extortion incidents traced to a single event: the August 2025 compromise of Miljödata.

Black Kite6/28/2026
Third-Party RiskSupply Chain

78% of enterprise servers are reachable over SMB or WinRM, administrative protocols commonly exploited for ransomware spread and lateral movement.

Zero Networks6/15/2026
SMBWinRM

80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.

Zero Networks6/15/2026
Network SecurityLateral Movement

Big game hunting adversaries named 572 technology entities on dedicated leak sites for extortion.

CrowdStrike6/15/2026
ExtortionTechnology Sector

50% of organizations reported ransomware intrusions, down from 54% in 2025.

Fortinet6/15/2026

Direct ransomware attacks on financial institutions spiked 76% year-over-year in Q1 2026.

Black Kite6/6/2026
Financial Services