85+ Ransomware Statistics Shaping 2025 Safety Developments

The final decade has seen a steep enhance within the prevalence of ransomware in healthcare, drugs, and provide chains.

As an alternative of handbook ransomware assaults, menace actors are actually utilizing a mixture of methods, similar to ransomware as a service (RaaS), triple extortion, provide chain assaults, and phishing, to lure firms into paying ransom.

It’s now not nearly locking down methods. Ransomware firms double down by launching malware assaults and threatening firms to leak delicate data, which has had an adversarial monetary influence on general cybersecurity income. In accordance with Statista, roughly 7 out of 10 cyberattacks in 2013 had been ransomware assaults, with greater than 317 million makes an attempt recorded. 

Despite the fact that firms deploy the perfect endpoint safety software program to supply an end-to-end mechanism in opposition to threats, attackers proceed to seek out new methods in.

On this article, we hint the timeline of 85+ key ransomware occasions from 2011 to 2025, highlighting the rise in cybercrimes and what it means for companies all over the world.

Notable incidents embrace WannaCry in 2017, which crippled methods in 150 nations, and the Colonial Pipeline breach, which disrupted gasoline provide within the US. A report from the College of Maryland, A. James Clark College of Engineering, reveals that cyberattacks happen at an alarming price of two,200 day by day, with hackers attacking each 39 seconds. 

Beneath is a year-over-year breakdown of the 7 most notable knowledge breaches that wreaked havoc throughout world industries and resulted in most monetary harm.

Sources: Cloudflare, Cybersecurity Insiders, Bitdefender,  CISA, Cybersecurity Dive, Hyperproof, centraleyes, and DOJ

As per Sophos’s State of Ransomware report for 2024, the typical ransom fee noticed a 12 months–over–12 months enhance, with paying “a seven-figure or extra ransom sum” now the brand new norm. The organizations that pay ransoms reported a mean fee of $2 million, up from $400,000 in 2023, which alerts a steep enhance in ransom and knowledge restoration prices.

Beneath is a rundown of the most important monetary influence of ransomware assaults throughout the final 8 years that resulted in a gargantuan industrial and monetary influence.

In accordance with a protection by CBS information, over 621 establishments needed to face a disaster as a consequence of an upsurge in ransomware assaults that led to an estimated price ticket of lots of and thousands and thousands of {dollars}.

• Baltimore Ransomware assault: This ransomware assault incurred over $18 million in knowledge restoration prices.
• Lake Metropolis, Florida: After a ransomware assault crippled town’s methods, it needed to pay a $460,000 ransom.
• Rivera Seashore, Florida: To regain entry to and management of the encrypted recordsdata, it needed to pay $600,000 in Bitcoin.
• Jackson County, Georgia: Cybercriminals had been paid $400,000 following a ransomware assault.
• La Porte County, Indiana: The monetary loss amounted to $130,000 in ransom after a ransomware an infection. 
• New Bedford, Massachusetts: The attacker refused a $5.3 million ransom and as a substitute selected a $400,000 restoration plan.
• Lubbock County, Texas: The El Paso assault at College Medical Heart, Texas Tech Well being Sciences Heart, and TTUHSC El Paso impacted 1.4 million sufferers’ knowledge and private data.
• Onslow Water and Sewer Authority, North Carolina: The malware launched the Ryuk crypto virus, which unfold rapidly within the community and resulted in a ransom of $640,000.
• Imperial County, California: An assault was unleashed on Imperial Valley Faculty’s computing system, which resulted in a fee of $55,068 to the ransomware attacker.
• Syracuse Metropolis College District, New York: Ransomware attacked the varsity’s computing methods, forcing it to pay a $50,000 insurance coverage deductible to revive them.

In accordance with US Company FinCEN’s evaluation of ransomware-related suspicious exercise reviews (SARs) filed in the course of the first half of 2021, $590 million was paid in ransomware-related transactions (which largely point out ransoms from the US to ransomware teams), exceeding the entire worth reported in 2020, which was $416 million.

• Colonial Pipeline Assault: Led to gasoline shortages throughout the US East Coast, ransom paid was $4.4 million.

• JBS Meals: The group paid $11 million in ransom after a REvil ransomware assault disrupted firm operations.

• Kaseya: REvil ransomware assault affected as much as 1,500 companies by way of Kaseya’s software program.

• Acer: The agency confronted a $50 million ransom demand from the REvil group, the place the menace actors demanded the biggest ransom of the 12 months.

• CNA Monetary: The corporate reportedly paid $40 million in ransom after a Phoenix locker ransomware assault.
• Sky Lakes Medical Heart: The assault took down 650 servers and 150 purposes, and the hospital took 7 months to get well.

• AXA Insurance coverage: The Avaddon ransomware group claimed to have stolen three TB of delicate knowledge from AXA’s Asian operations and offered leak samples.

• Washington DC Police Division: The Babuk ransomware group launched 1000’s of the Metropolitan Police Division’s delicate data on the darkish net. The Babuk group initially demanded $4 million to not launch the recordsdata, however was solely supplied $100,000.
• Quanta Pc: Apple provider Quanta was the goal of a $50 million ransomware assault, which resulted in unprecedented schematic leaks of Apple product blueprints.
• Toshiba: Toshiba Tec Corp was attacked by DarkSide, and the agency mentioned that greater than 740 GB was compromised and included passports and different private data.

Ransomware statistics 2022: Superior extortion and authorities crises

The enlargement of unpatched system ransomware and double and triple extortions meant that 4% of firms in 2022 had been threatened to pay a ransom even when the info wasn’t encrypted.

In the identical 12 months, round 31% of industries efficiently stopped the ransom assault earlier than the malware may exfiltrate and encrypt their knowledge. Whereas that’s true, 65% of the time, cybercriminals succeeded in launching cyberattacks, accessing the info vault, and inflicting extra disruptions.

• Nvidia: The Lapsus$ ransomware group attacked Nvidia and claimed to have stolen 1 TB of delicate knowledge and leaked the credentials of 70,000 customers. 
• Samsung: The identical group attacked Samsung Electronics and leaked 190 GB of knowledge, together with the supply code of bootloaders, activation servers, and trusted applets.
• Okta: Okta confronted an information breach brought on by Lapsus$ digital extortion, which resulted in $40 GB of leaked knowledge and a compromised administrative account.
• Medibank:  In October 2022, hackers focused Medibank Personal with a ransomware assault, placing 9.7 million medical data prone to exploitation and fraud.
• CommonSpirit Well being: The agency estimated that the monetary losses brought on by the assault reached $160 million, together with enterprise disruption, remediation prices, and many others.
• Rackspace: Rackspace Know-how recorded a $5 million ransom fee stemming from the December 2022 ransomware assault on the corporate’s Hosted Change Enterprise.
• Costa Rica: Round 27 authorities our bodies had been focused in a sequence of ransomware assaults, with 800 servers impacted and losses amounting to $38 million to $125 million per day.

In accordance with Chainalysis, ransomware actors intensified operations and focused high-profile establishments and important infrastructure in 2023. This was the 12 months of the notorious provide chain assault exploiting the SaaS supplier MOVEit, which led to disasters throughout companies, from the BBC to British Airways.

Though 2023 noticed a drop in ransom fee quantity, there have been tangible financial impacts and productiveness declines noticed.

• MOVEit Information Breach: Clop ransomware exploited the MOVEit file switch software, resulting in vital knowledge breaches and $1.1 billion in ransom funds.

• Capita Cyber Assault: The Black Basta ransomware gang focused Capita, compromising delicate knowledge and affecting round 90 companies, costing between 15 to twenty million kilos.

• College of Hawaii: The NoEscape ransomware group focused the Hawaiian group school, exfiltrating 65 GB of knowledge and demanding a ransom.

• British Library: The British Library suffered an assault by the Rhysida group, which demanded a ransom of 20 bitcoin (approx $500,00 at the moment), and leaked 65GB of delicate knowledge.
• Port of Nagoya: The Port of Nagoya, accountable for 10% of Japan’s commerce, was attacked by LockBit ransomware, which destroyed container operations and triggered vital delays.
• Munster Technological College: The ALPHV ransomware group, also called BlackCat, listed over 6 GB of knowledge allegedly stolen by Munster Technological College.

Other than the blast radius disruptions within the provide chain, manufacturing, and meeting strains for industries, 2024 additionally noticed a steep enhance in insider threats. A analysis by Verizon states that round 83% of companies reported experiencing a minimum of one insider assault in 2024.

If the corporate had a good ARR and annual income, the propensity of ransomware elevated drastically. A complete of 5 billion firms reported the joint highest price of assault (67%), adopted by smaller organizations (lower than $10M income), out of which 47% of firms had been focused.

As 2024 noticed double and triple extortions on healthcare, authorities, and academic establishments, here’s a rundown of the monetary influence of those ransomware assaults.

• Change Healthcare (USA): In February 2024, BlackCat/ALPHV launched a large ransomware assault on Change Healthcare, a division of UnitedHealth Group, affecting over 100 million individuals. 

• Marks and Spencer (UK): The retailer suffered a ransomware assault by the DragonForce group, resulting in an estimated lack of 300 million kilos and extended on-line service disruptions.

• CDK International (USA and Canada): In June, a ransomware assault by the BlackSuit group disrupted providers for 1000’s of automotive dealerships throughout North America, prompting a $25 million ransom fee.

• Kadokawa and Niconico (Japan): The Russian-linked BlackSuit group attacked Kadokawa and its video-sharing platform, Niconico, leaking the info of over 254,000 customers. Though they allegedly paid a $2.98 million ransom, they nonetheless leaked the stolen knowledge.

• College Hospital Heart Zagreb (Croatia): LockBit’s ransomware assault severely disrupted operations at Croatia’s largest medical facility, forcing it to return to handbook processes. 

• Healthcorps (USA): In March 2024, the Hades ransomware group (previously Conti) focused Healthcorps, compromising round 5.6 million affected person data throughout a number of states.

• Patelco Credit score Union (USA): The RansomHub gang breached Patelco Credit score Union, resulting in a widespread knowledge breach that affected over 726,000 prospects.
• Spanish Tax Company: The Trinity ransomware group claimed accountability for an assault on Spain’s Agencia Tributaria, alleging 500 GB of knowledge theft and demanding a $38 million ransom.

Despite the fact that the quantity has dropped, attackers are more and more utilizing AI to create phishing lures, disrupt provide chains, and set off unpatched vulnerabilities. Because the severity of those assaults rises, firms are actually trying to make investments in intelligence instruments to nip the evil within the bud.

• Marks and Spencer: Suspected Scattered Spider Assault triggered 300 million kilos in losses and a 1 billion market cap drop within the UK, disrupting on-line retail and meals provide chains. 

• Sensata Applied sciences: In accordance with the U.S. Securities and Change Fee, this ransomware assault crippled essential operations, inflicting a $4 billion loss that should be recovered.

• Qakbot Community: Taken down by the Division of Justice (DOJ) and Europol, this malware infrastructure had enabled ransomware supply for 15+ years and contaminated 7,00,000 methods.

• DanaBot Group: The U.S indicted 16 Russian nationals for utilizing DanaBot in state-linked ransomware and espionage, which was tied to phishing and person credential theft. 

• Christie’s: Public sale home Christie’s was hit by a cyber extortionist group RansomHub, which claimed to have the delicate data of a minimum of 500,000 purchasers.

Areas with superior digital infrastructure and better ransom paying tendencies face disproportionate ransomware assaults, as ransom suppliers have gotten extra unstable and energetic, as predicted in Cyble’s 2025 ransomware report that highlighted the RansomHub-DragonForce conflict.

In accordance with the International Cybersecurity Outlook by WEF, round 72% of respondents report a rise in organizational cyber dangers, with ransomware remaining a high concern. Almost 47% of organizations cite adversarial advances powered by generative AI as their major concern.

Conserving these figures in thoughts, let’s see a number of cases of ransomware assaults throughout essentially the most focused industries and sectors in 2025:

• The healthcare sector skilled a 50% YoY enhance in assaults, turning into essentially the most focused vertical in 2024.
• North America accounted for 54% of all ransomware knowledge leak websites (DLS), making it essentially the most attacked area globally.
• In accordance with Fortinet’s menace intelligence report 2024, training and monetary providers ranked second and third most focused sectors, respectively, with a mixed 33% share of recognized threats.
• Authorities and public administration entities noticed a 9% rise in ransomware complaints reported to the FBI.
• Attackers more and more centered on essential infrastructure, together with utilities and vitality, which had been concerned in 16% of reported ransomware assaults in 2024.

Ransomware assault traits: Vectors and strategies of compromise

Cybercriminals are adapting quicker than ever. As attackers and hackers outsource their malware necessities to RaaS, they’re keeping off express cybersecurity protocols and compliance tips to encrypt and isolate databases. 

In accordance with a research by BlackKite, a brand new hierarchy of vectors has emerged inside the ransomware enviornment, pivoting in the direction of the exploitation of knowledge vulnerabilities. The panorama of cyber threats has already seen a surge in zero-day exploits, with menace actors eager on cracking the backbone of methods earlier than defenders can react. 

Previously 12 months alone, a staggering tally of 200 vulnerabilities had been acknowledged in CISA’s KEV catalog, a testomony to evolving menace designs. Let’s now take a look at the most important occasions that spotlight assault vectors and knowledge compromise incidents.

• Phishing emails initiated 67% of profitable ransomware assaults in North America.
• Software program vulnerabilities had been exploited in 32% of assaults, which is greater than double the share from 2022.
• Distant desktop protocol (RDP) compromise triggered 30% of intrusions in small to medium companies, particularly in manufacturing and logistics.
• Stolen credentials had been concerned in 29% of the ransomware instances, typically acquired through infostealer malware or darkish net marketplaces
• Almost 1 in 4 ransomware incidents started with entry by way of unmanaged third-party software program integrations.

Key ransomware statistics: Restoration time and mitigation methods 

The perfect mitigation methods for industries to nullify ransomware assaults are to spend money on heavy malware protection mechanisms and prepare their staff accordingly to identify menace patterns.

In accordance with G2, firms want to begin their mitigation technique with protection. It’s essential to know that even one compromised hyperlink can wreak havoc and trigger destruction.

Beneath is a rundown of main restoration and mitigation methods (each monetary and data-driven) opted for by firms.

• The typical ransomware fee in 2024 rose to $2.73 million, practically $ $1 million greater than the earlier 12 months.
• Solely 35% of the organizations totally recovered from a ransomware assault inside one week in 2024, down from 47% in 2023.
• 97% of victims who paid ransoms in 2024 regained entry to their knowledge, however solely 59% recovered all knowledge, highlighting unreliable decryptors.
• Cyber insurance coverage claims as a consequence of ransomware accounted for 58% of all large-value claims in H1 2024.
• Organizations with immutable backups reported 4x quicker restoration occasions and had been 50% much less prone to pay ransoms.

Vigilance shapes ransomware defenses

If there’s one factor these years of cybercrime evolution have taught us, it’s this: ransomware is a shifting goal. 

Risk teams have proven they will evolve quicker than defenses — creating new payloads, forming new alliances, and utilizing the newest tech to bypass even essentially the most resilient infrastructures. 

It’s essential to safeguard and monitor ransomware patterns to avoid these extortions, and offering full protection of safety is essential. 

Taking a look at previous proof, it’s secure to say that now could be the time to spend money on endpoint mechanisms and menace detection instruments. It will safe your methods, remove menace actors, and safeguard your knowledge and income.

Take a look at the perfect 50+ cybercrime statistics for 2025 to decipher the evolution of cybersecurity and the way organizations are constructing a stronger entrance line of protection.