In 2023, organizations all around the world detected 317.59 million ransomware attempts. Overall, this number decreased significantly between the third and fourth quarters of 2022, going from around 102 million to nearly 155 million cases, respectively. Ransomware attacks usually target organizations that collect large amounts of data and are critically important. In case of an attack, these organizations prefer paying the ransom to restore stolen data rather than to report the attack immediately. The incidents of data loss also damage companies’ reputation, which is one of the reasons why ransomware attacks are not reported. Most targeted industries and regions As a part of critical infrastructure, the manufacturing industry is usually targeted by ransomware attacks. In 2022, manufacturing organizations worldwide saw 437 such attacks. The food and beverage industry ranked second, with over 50 ransomware attacks. By the share of ransomware attacks on critical infrastructure, North America ranked first among other worldwide regions, followed by Europe. Healthcare and public health sector organizations filed the highest number of complaints to the U.S. law enforcement in 2022 about ransomware attacks. Ransomware as a service (RaaS) The Ransomware as a Service (RaaS) business model has existed for over a decade. The model involves hackers and affiliates. Hackers develop ransomware attack models and sell them to affiliates. The latter then use them independently to attack targets. According to the business model, the hacker who created the RaaS receives a service fee per collected ransom. In the first quarter of 2022, there were 31 Ransomware as a Service (RaaS) extortion groups worldwide, compared to the 19 such groups in the same quarter of 2021.

As of 2025, nearly 63 percent of businesses worldwide were affected by ransomware attacks. This figure represents a decrease on the previous year and was by far the lowest figure reported since 2020. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware. Most targeted industries In 2024, the critical manufacturing industry in the United States was once again most targeted by ransomware attacks. Overall, organizations in this industry experienced 258 cyberattacks in the measured year. Healthcare and the public health sector ranked second, followed by government facilities, with 238 and 220 cyberattacks, respectively. Ransomware in the manufacturing industry The manufacturing industry, along with its subindustries, is constantly targeted by ransomware attacks, causing data loss, business disruptions, and reputational damage. Often, such cyberattacks are international and have a political intent. In 2024, exploited vulnerabilities were the leading cause of ransomware attacks in the manufacturing industry.

In 2023, the worldwide number of malware attacks reached 6.06 billion, an increase of 10 percent compared to the preceding year. In recent years, the highest number of malware attacks was detected in 2018, when 10.5 billion such attacks were reported across the globe. Malware attacks worldwide In 2022, worm malware was blocked over 205 million times. Another common malware type during that period, Emotet, primarily targeted the Asia-Pacific region. Overall, websites are the most common vector for malware attacks and recent industry data found that malware attacks were frequently received via exe files. Most targeted industries In 2022, the education sector was heavily targeted by malware, encountering 2,314 weekly attacks on average. Government and military organizations ranked second, followed by the healthcare units. Overall, in 2022, the education sector saw over five million malware attacks in the examined year.

On average, ** percent of organizations worldwide were victims of a ransomware attack between January and February 2024, according to a survey conducted among cybersecurity leaders of worldwide organizations. France ranked first by the ransomware rate in companies, with ** percent reporting having encountered such an attack in the last 12 months. Companies in South Africa, Italy, and Austria followed, with up to ** percent of the organizations experiencing ransomware attacks.

A 2025 survey of cybersecurity professionals of organizations worldwide revealed that 32 percent of the organizations suffered ransomware attacks due to exploited vulnerabilities. Compromised credentials were the second-most common cause of successful ransomware attacks, while malicious e-mail ranked third.

In 2023, 143 significant ransomware attacks were detected in Europe, marking a 31 percent increase from 109 known major ransomware attacks in the previous year. Meanwhile, the figures do not represent the overall number of ransomware attacks in the region. Furthermore, in 2022 small and medium enterprises (SMEs) remained the primary target for ransomware actors.

In 2024, ** percent of organizations worldwide claimed to have fallen victim to a ransomware attack in the previous year, according to a survey conducted among cybersecurity leaders of worldwide organizations. This is a decline compared to *** previous years, when ** percent of global organizations encountered ransomware attacks.

From 2021 to 2024, the share of financial institutions worldwide experiencing ransomware attacks has increased significantly. In 2024, roughly 65 percent of financial organizations worldwide reported experiencing a ransomware attack, compared to 64 percent in 2023 and 34 percent in 2021.

As of July 2025, the WannaCry ransomware attack launched in 2017 was the biggest attack by its impact. During this attack, cyber actors took over 250 thousand user accounts of Microsoft Windows. As a result of this attack, the company lost over four billion U.S. dollars. The latest of selected significant cyberattacks was the 2022 ransomware attack against Swisspost, in which 1.6 terabytes of data was stolen.

In 2024, the manufacturing was the industry most targeted by ransomware attacks. Companies in this sector saw ***** ransomware attacks in the examined period. The industrial control systems sector ranked second, with *** incidents. Organizations in the transportation sector were the next-most targeted, seeing *** ransomware attacks in the measured year.

In 2024, ** percent of surveyed healthcare organizations claimed to having encountered ransomware attacks in the past year, marking it the highest encounter rate since 2021. In comparison, ** percent of organizations had experienced ransomware attacks as of 2023.

In 2024, healthcare organizations in California saw the highest number of ransomware attacks among other U.S. states. The state experienced in total of 66 ransomware attacks in the measured year. Texas ranked second, by the number of healthcare ransomware attacks, followed by New York.

A 2024 survey of cybersecurity professionals of worldwide organizations revealed that the ***************************** had the highest number of vulnerabilities exploited in ransomware attacks. The survey showed that the second-most common root cause of ransomware attacks was *********************** across all sectors, followed by ****************.

A November 2022 survey of companies in the United Kingdom (UK) found that the share of organizations having experienced ransomware attacks in the past year was 74.7 percent. This is an uptick from 73 percent in the year prior.

In 2024, the total amount of money received by ransomware actors amounted to 813 million U.S. dollars, down from 1.25 billion U.S. dollars in the year prior. The number of ransomware payments peaked in 2021.

In the last two quarters of 2022, global ransomware attacks increased by over ** percent, going from over *** million to nearly *** million cases. In recent years, the highest number of global ransomware attacks was registered in the second quarter of 2021, when organizations worldwide reported encountering ***** ransomware attacks.

As of the second quarter of 2022, the average length of interruption after ransomware attacks at businesses and organizations in the United States was 24 days. This was less than the downtime duration in previous quarter, 26 days. Overall, between the first quarter of 2020 and the fourth quarter of 2021, the average duration of the downtime after a ransomware attack had increased from 15 to 24 days.

In 2024, the U.S. Internet Crime Complaint Center (IC3) received approximately *** complaints indicating ransomware attacks in healthcare critical manufacturing organizations. The second most victimized industry sector was **********. ********************* ranked third, with *** complaints. Financial services organizations filed *** complaints during the examined year.

From January to October 2023, the average downtime in U.S. healthcare organizations caused by ransomware attacks was 18.71 days. This figure represents an increase from nearly 16 days in 2022 and approximately seven days in 2021.

In 2024, 74 percent of organizations in France encountered a cyberattack. This represents a decrease of approximately 11 percent from the previous year. In 2023, 97 percent of companies in France that had suffered a cyberattack restored the encrypted data.