Skip to main content

CYBERSTATS

Security Intelligence

HomeTopicsRansomware

Ransomware

Statistics and intelligence on ransomware attacks, trends, and prevention strategies across global organizations.

Related Topics

Threat Actors7Akira5Ransomware Groups5Disclosed Ransomware Attacks4Qilin4Leak sites4

Top Vendors

BlackFog89CROWDSTRIKE79GuidePoint Security70NCC Group65AXA XL48Sophos38

Showing 1-20 of 784 results

70% of global ransomware activity targets English-speaking countries.

Nozomi Networks2/22/2026
Ransomware Targets

44% of attacks in the Automotive and Smart Mobility ecosystem are ransomware-related, more than double the volume in 2024.

Upstream2/22/2026
AutomotiveSmart Mobility

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

Dragos2/22/2026
Industrial SecurityOperational Technology

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

Dragos2/22/2026
Operational TechnologyIncident Response

The average dwell time for ransomware in OT environments is 42 days.

Dragos2/22/2026
Operational TechnologyDwell Time

Manufacturing accounts for more than two-thirds of all ransomware victims.

Dragos2/22/2026
ManufacturingIndustrial Security

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

Nozomi Networks2/22/2026
Threat ActorsScattered Spider

90% of ransomware incidents exploit firewalls through a CVE or a vulnerable account.

Barracuda2/22/2026
FirewallCVE

Ransomware attacks against industrial organizations increased 64% year-over-year.

Dragos2/22/2026
Industrial Security

96% of incidents involving lateral movement end with the release of ransomware.

Barracuda2/22/2026
Lateral Movement

The fastest ransomware case observed, involving Akira ransomware, takes just three hours from breach to encryption.

Barracuda2/22/2026
BreachEncryption

In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.

Nozomi Networks2/22/2026
Ransomware TargetsCanada

In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.

Nozomi Networks2/22/2026
Ransomware TargetsUnited States

The Play ransomware group accounted for 5% of disclosed ransomware attacks in 2025.

BlackFog2/14/2026
Threat ActorsDisclosed Ransomware Attacks

Canada accounted for 6% and Germany accounted for 4% of undisclosed ransomware attacks in 2025.

BlackFog2/14/2026
CanadaGermany

Organizations across 135 countries, representing 69% of countries worldwide, were impacted by ransomware attacks in 2025.

BlackFog2/14/2026
Global Security

Publicly disclosed ransomware increased by 49% year-on-year, reaching 1,174 incidents, nearly four times higher than in 2020.

BlackFog2/14/2026
Publicly Disclosed RansomwareIncident Volume

Undisclosed ransomware victims announced on dark web leak sites totaled 7,079 in 2025, a 37% increase compared to 2024.

BlackFog2/14/2026
Dark Web Leak SitesUndisclosed Ransomware Victims

Fifty-two new ransomware groups emerged in 2025, a 9% increase compared to 2024.

BlackFog2/14/2026
Threat ActorsRansomware Groups

The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.

BlackFog2/14/2026
Threat ActorsRansomware Groups