2025 State of Ransomware Report

The services industry recorded a 118% year-on-year increase in ransomware attack volume in 2025.

The healthcare sector accounted for 22% of all disclosed ransomware attacks in 2025.

The education sector saw ransomware attacks decrease by approximately 12% year-on-year in 2025.

Approximately 86% of ransomware attacks are never publicly reported.

The Qilin ransomware group claimed 1,115 victims in 2025, making it the most active ransomware group across disclosed and undisclosed attacks.

The Play ransomware group accounted for 5% of disclosed ransomware attacks in 2025.

The United States accounted for 58% of all recorded disclosed ransomware attacks in 2025.

Fifty-two new ransomware groups emerged in 2025, a 9% increase compared to 2024.

A total of 130 different ransomware groups carried out attacks in 2025.

Australia and the United Kingdom recorded 110 and 42 disclosed ransomware attacks respectively in 2025.

The United States suffered 3,768 undisclosed ransomware incidents in 2025.

Canada accounted for 6% and Germany accounted for 4% of undisclosed ransomware attacks in 2025.

Organizations across 135 countries, representing 69% of countries worldwide, were impacted by ransomware attacks in 2025.

Undisclosed ransomware victims announced on dark web leak sites totaled 7,079 in 2025, a 37% increase compared to 2024.

Publicly disclosed ransomware increased by 49% year-on-year, reaching 1,174 incidents, nearly four times higher than in 2020.

The INC ransomware group claimed 66 victims in undisclosed activity in 2025.

The Akira ransomware group was linked to 776 total recorded attacks in 2025.