Ransomware incidents reported to FinCEN reached an all-time high of 1,512 incidents in 2023, totaling $1.1 billion in payments, marking a 77% increase in total payments year-over-year from 2022 to 2023.

The manufacturing industry accounted for 456 ransomware incidents totaling approximately $284.6 million in reported payments, while the financial services industry accounted for 432 incidents totaling approximately $365.6 million, and the healthcare industry accounted for 389 incidents totaling approximately $305.4 million.

In 2024, ransomware incidents reported to FinCEN decreased to 1,476 incidents, reflecting $734 million in the aggregate value of reported payments.

67% of ransomware reports that provided the communication method indicated that threat actors communicated with their intended targets via messages sent over The Onion Router protocol.

60% of ransomware attacks occurred following an IPO, merger or acquisition, or round of layoffs.

52% of organizations reported being targeted by ransomware attacks on holidays or weekends.

61% of Chief Information Security Officers believe AI has directly increased ransomware risk

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

In Q3 2025, the Akira ransomware group claimed 167 posts on their public leak site.

In Q3 2025, leak site posts increased by 11% from Q2 to Q3.

In Q3 2025, INC Ransomware accounted for approximately 8% of Beazley Security incident response cases.

In Q3 2025, the Akira ransomware group accounted for approximately 39% of Beazley Security incident response cases.

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

89% of organizations that experienced a ransomware attack in the past year paid a ransom to recover their data or stop the attack

The proportion of retailers hit by extortion-only attacks tripled from 2% in 2023 to 6% in 2025