Ransomware incidents reported to FinCEN reached an all-time high of 1,512 incidents in 2023, totaling $1.1 billion in payments, marking a 77% increase in total payments year-over-year from 2022 to 2023.

Between January 2022 and December 2024, FinCEN received 7,395 BSA reports related to 4,194 ransomware incidents, totaling more than $2.1 billion in ransomware payments.

The manufacturing industry accounted for 456 ransomware incidents totaling approximately $284.6 million in reported payments, while the financial services industry accounted for 432 incidents totaling approximately $365.6 million, and the healthcare industry accounted for 389 incidents totaling approximately $305.4 million.

The 10 ransomware variants with the highest cumulative payment amounts identified in BSA reports accounted for approximately $1.5 billion in payments.

52% of organizations reported being targeted by ransomware attacks on holidays or weekends.

60% of ransomware attacks occurred following an IPO, merger or acquisition, or round of layoffs.

61% of Chief Information Security Officers believe AI has directly increased ransomware risk

In Q3 2025, leak site posts increased by 11% from Q2 to Q3.

In Q3 2025, Qilin ransomware claimed 271 posts on their public leak site.

In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.

In Q3 2025, the Akira ransomware group claimed 167 posts on their public leak site.

In Q3 2025, the 'Others' category of ransomware actors decreased from 40% to 16% of cases compared to the previous quarter.

In Q3 2025, Qilin ransomware accounted for approximately 18% of Beazley Security incident response cases.

In Q3 2025, INC Ransomware claimed 119 posts on their public leak site.

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

In Q3 2025, the Akira ransomware group accounted for approximately 39% of Beazley Security incident response cases.

In Q3 2025, INC Ransomware accounted for approximately 8% of Beazley Security incident response cases.

89% of organizations that experienced a ransomware attack in the past year paid a ransom to recover their data or stop the attack

Malware and ransomware accounted for 51% of all cyber insurance claims in 2024, up from 32% in 2023.

62% of retailers who experienced attacks restored their data using backups in 2025, the lowest rate in four years