In 2023, organizations all around the world detected 317.59 million ransomware attempts. Overall, this number decreased significantly between the third and fourth quarters of 2022, going from around 102 million to nearly 155 million cases, respectively. Ransomware attacks usually target organizations that collect large amounts of data and are critically important. In case of an attack, these organizations prefer paying the ransom to restore stolen data rather than reporting the attack immediately. Incidents of data loss also damage companies’ reputation, which is one of the reasons why ransomware attacks are not reported.

Most targeted industries and regions

As a part of critical infrastructure, the manufacturing industry is usually targeted by ransomware attacks. In 2022, manufacturing organizations worldwide saw 437 such attacks. The food and beverage industry ranked second, with over 50 ransomware attacks. By the share of ransomware attacks on critical infrastructure, North America ranked first among other worldwide regions, followed by Europe. Healthcare and public health sector organizations filed the highest number of complaints to U.S. law enforcement in 2022 about ransomware attacks.

Ransomware as a service (RaaS)

The Ransomware as a Service (RaaS) business model has existed for over a decade. The model involves hackers and affiliates. Hackers develop ransomware attack models and sell them to affiliates. The latter then use them independently to attack targets. According to the business model, the hacker who created the RaaS receives a service fee per collected ransom. In the first quarter of 2022, there were 31 Ransomware as a Service (RaaS) extortion groups worldwide, compared to the 19 such groups in the same quarter of 2021.
As of 2025, nearly 63 percent of businesses worldwide were affected by ransomware attacks. This figure represents a decrease on the previous year and was by far the lowest figure reported since 2020. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware.

Most targeted industries

In 2024, the critical manufacturing industry in the United States was once again most targeted by ransomware attacks. Overall, organizations in this industry experienced 258 cyberattacks in the measured year. Healthcare and the public health sector ranked second, followed by government facilities, with 238 and 220 cyberattacks, respectively.

Ransomware in the manufacturing industry

The manufacturing industry, along with its subindustries, is constantly targeted by ransomware attacks, causing data loss, business disruptions, and reputational damage. Often, such cyberattacks are international and have a political intent. In 2024, exploited vulnerabilities were the leading cause of ransomware attacks in the manufacturing industry.
From 2021 to 2024, the share of financial institutions worldwide experiencing ransomware attacks increased significantly. In 2024, roughly 65 percent of financial organizations worldwide reported experiencing a ransomware attack, compared to 64 percent in 2023 and 34 percent in 2021.
In 2023, ransomware was the most frequently detected cyberattack worldwide, with around 70 percent of all detected cyberattacks. Network breaches ranked second, with almost 19 percent of the detections. Although less frequent, data exfiltration was also among the detected cyberattacks.
A 2023 survey among cybersecurity leaders of worldwide organizations revealed that ** percent of organizations in Brazil paid the ransom and got data back. France ranked second by the share of organizations that restored the data by running backups, as ** percent reported doing so. However, the country also ranked first by the percentage of companies that paid the ransom but didn't get the data back.
In November 2024, the number of reports about ransomware attacks worldwide reached its highest point, 632 cases. Overall, the number of victims fluctuated in the last two years, reaching 527 in May 2024.
In 2023, 143 significant ransomware attacks were detected in Europe, marking a 31 percent increase from 109 known major ransomware attacks in the previous year. Meanwhile, the figures do not represent the overall number of ransomware attacks in the region. Furthermore, in 2022 small and medium enterprises (SMEs) remained the primary target for ransomware actors.
A 2023 survey among cybersecurity leaders of organizations revealed that ** percent of organizations in Singapore recovered their data via any method. In comparison, ten percent of organizations did not pay the ransom after experiencing a ransomware attack.
In 2023, LockBit was the most detected ransomware, found in over 22 percent of global cyberattacks. Akira ranked second, responsible for 11.11 percent of ransomware incidents, followed closely by ALPHV/BlackCat, which was detected in over nine percent of attacks.
A 2023 survey among cybersecurity leaders of organizations in France revealed that 97 percent of the companies that encountered a ransomware attack managed to get the encrypted data back by employing one or more methods. Of this share, 22 percent paid the ransom to restore the stolen data, while 87 percent said they used backups to regain the data.
On average, ** percent of organizations worldwide were victims of a ransomware attack between January and February 2024, according to a survey conducted among cybersecurity leaders of worldwide organizations. France ranked first by the ransomware rate in companies, with ** percent reporting having encountered such an attack in the last 12 months. Companies in South Africa, Italy, and Austria followed, with up to ** percent of the organizations experiencing ransomware attacks.
In 2025, around ** percent of companies worldwide paid ransom to recover data. In 2018, this figure stood at **** percent and gradually increased over the past few years. The highest uptick was between the years 2021 and 2023.
As of January 2023, every ransomware attack encountered by Italian companies included a malware infection. Furthermore, ** percent of ransomware attacks included data encryption. Network lateral movements were the case for about half of the incidents.
A 2023 survey of IT security professionals and working adults revealed that ** percent of global organizations encountered one to three ransomware infections. A further ** percent stated having faced up to four to six ransomware infections, while **** percent were infected by *** or more separate ransomware.
Throughout 2023, the United States accounted for the largest share of detected ransomware attacks globally, representing 45 percent of detected incidents. The United Kingdom followed with seven percent, while Germany experienced four percent of the overall ransomware incidents.
From January to October 2023, the average downtime in U.S. healthcare organizations caused by ransomware attacks was 18.71 days. This figure represents an increase from nearly 16 days in 2022 and approximately seven days in 2021.
In 2023, the services sector faced the highest share of ransomware attacks, accounting for 24 percent of detected incidents. Manufacturing followed with nine percent, while IT services and healthcare sectors experienced 8 percent and 6 percent of attacks, respectively.
In 2023, Windows was the operating system most affected by ransomware attacks, accounting for 92 percent of attacks, up from 71 percent in 2022. Additionally, five percent of attacks targeted macOS, the operating system developed by Apple for its line of Mac computers.
In 2024, manufacturing was the industry most targeted by ransomware attacks. Companies in this sector saw ***** ransomware attacks in the examined period. The industrial control systems sector ranked second, with *** incidents. Organizations in the transportation sector were the next-most targeted, seeing *** ransomware attacks in the measured year.
A 2024 survey of cybersecurity professionals of worldwide organizations revealed that the ***************************** had the highest number of vulnerabilities exploited in ransomware attacks. The survey showed that the second-most common root cause of ransomware attacks was *********************** across all sectors, followed by ****************.