In 2023, organizations all around the world detected 317.59 million ransomware attempts. Overall, this number decreased significantly between the third and fourth quarters of 2022, going from around 102 million to nearly 155 million cases, respectively. Ransomware attacks usually target organizations that collect large amounts of data and are critically important. In case of an attack, these organizations prefer paying the ransom to restore stolen data rather than to report the attack immediately. The incidents of data loss also damage companies’ reputation, which is one of the reasons why ransomware attacks are not reported. Most targeted industries and regions As a part of critical infrastructure, the manufacturing industry is usually targeted by ransomware attacks. In 2022, manufacturing organizations worldwide saw 437 such attacks. The food and beverage industry ranked second, with over 50 ransomware attacks. By the share of ransomware attacks on critical infrastructure, North America ranked first among other worldwide regions, followed by Europe. Healthcare and public health sector organizations filed the highest number of complaints to the U.S. law enforcement in 2022 about ransomware attacks. Ransomware as a service (RaaS) The Ransomware as a Service (RaaS) business model has existed for over a decade. The model involves hackers and affiliates. Hackers develop ransomware attack models and sell them to affiliates. The latter then use them independently to attack targets. According to the business model, the hacker who created the RaaS receives a service fee per collected ransom. In the first quarter of 2022, there were 31 Ransomware as a Service (RaaS) extortion groups worldwide, compared to the 19 such groups in the same quarter of 2021.

As of July 2025, the WannaCry ransomware attack launched in 2017 was the biggest attack by its impact. During this attack, cyber actors took over 250 thousand user accounts of Microsoft Windows. As a result of this attack, the company lost over four billion U.S. dollars. The latest of selected significant cyberattacks was the 2022 ransomware attack against Swisspost, in which 1.6 terabytes of data was stolen.

After experiencing a ransomware attack, roughly 49 percent of organizations worldwide paid up ransom fees to get their encrypted data back. Survey data from January to March 2025 found that 54 percent of the affected companies used bachups to restore the data.

A 2025 survey of cybersecurity professionals of organizations worldwide revealed that 32 percent of the organizations suffered ransomware attacks due to exploited vulnerabilities. Compromised credentials were the second-most common cause of successful ransomware attacks, while malicious e-mail ranked third.

As of 2025, nearly 63 percent of businesses worldwide were affected by ransomware attacks. This figure represents a decrease on the previous year and was by far the lowest figure reported since 2020. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware. Most targeted industries In 2024, the critical manufacturing industry in the United States was once again most targeted by ransomware attacks. Overall, organizations in this industry experienced 258 cyberattacks in the measured year. Healthcare and the public health sector ranked second, followed by government facilities, with 238 and 220 cyberattacks, respectively. Ransomware in the manufacturing industry The manufacturing industry, along with its subindustries, is constantly targeted by ransomware attacks, causing data loss, business disruptions, and reputational damage. Often, such cyberattacks are international and have a political intent. In 2024, exploited vulnerabilities were the leading cause of ransomware attacks in the manufacturing industry.

In the fourth quarter of 2023, around 43 percent of ransomware attacks worldwide targeted industrial organizations and infrastructures in North America, making it the continent with the highest number of ransomware attacks. Companies across European industry sectors saw about 32 percent of all global ransomware attacks. Asia ranked third, with about 14 percent of the global ransomware attacks recorded in the examined quarter.

In 2024, the manufacturing was the industry most targeted by ransomware attacks. Companies in this sector saw 1,171 ransomware attacks in the examined period. The industrial control systems sector ranked second, with 177 incidents. Organizations in the transportation sector were the next-most targeted, seeing 176 ransomware attacks in the measured year.

A 2024 survey of cybersecurity professionals of worldwide organizations revealed that the energy and utilities industry had the highest number of vulnerabilities exploited in ransomware attacks. The survey showed that the second-most common root cause of ransomware attacks was compromised credentials across all sectors, followed by malicious e-mail.

From 2021 to 2024, the share of financial institutions worldwide experiencing ransomware attacks has increased significantly. In 2024, roughly 65 percent of financial organizations worldwide reported experiencing a ransomware attack, compared to 64 percent in 2023 and 34 percent in 2021.

Between 2021 and 2024, the costs of recovery after ransomware attacks have doubled. In the latest measured year, the impact of the most significant ransomware attack cost organizations nearly three million U.S. dollars, up from 1.27 million U.S. dollars in 2021.

In 2024, the total amount of money received by ransomware actors amounted to 813 million U.S. dollars, down from 1.25 billion U.S. dollars in the year prior. The number of ransomware payments peaked in 2021.

In 2024, LockBit was the ransomware group most frequently dataected on dark web leak sites. The research found 266 detections of this ransomware. RansomHub ranked second, with 249 mentions.

In November 2024, the number of reports about ransomware attacks worldwide reached its highest point, 632 cases. Overall, the number of victims fluctuated in the last two years, reaching 527 in May 2024.

In 2025, around ** percent of companies worldwide paid ransom to recover data. In 2018, this figure stood at **** percent and gradually increased over the past few years. The highest uptick was between the years 2021 and 2023.

Throughout 2023, the United States accounted for the largest share of detected ransomware attacks globally, representing 45 percent of detected incidents. The United Kingdom followed with seven percent, while Germany experienced four percent of the overall ransomware incidents.

Between February and December 2024, the average cyber risk index (CRI) worldwide was highest in the education industry, at 42 index points. The communications industry ranked second, with 41.6 points, followed by the agriculture industry with 41.2 index points.

In 2023, over 17 percent of users targeted with ransomware attacks had encountered Magniber Trojans. The second-most common family of ransomware Trojans in the measured period was generic verdict, with around 12.39 percent detections.

A 2023 survey of IT security professionals and working adults revealed that ** percent of global organizations encountered one to three ransomware infections. A further ** percent stated having faced up to four to six ransomware infections, while **** percent were infected by *** or more separate ransomware.

According to a 2024 cybersecurity study, organizations in public administration had the oldest cyber vulnerabilities, around 315 days old, on average. The organizations in retail followed, with around 228 days old vulnerabilities.

In 2023, healthcare and public health organizations in the United States experienced 249 ransomware attacks. Furthermore, government facilities in the U.S. saw 156 incidents of ransomware attacks in the measured year.