Ransomware Statistics
2025-2026

 

How we track ransomware activity.

Ransomware remains a significant and growing threat. We examine ransomware attacks by extracting posts from ransomware-dedicated leak sites (DLS) and then use generative AI to identify the victim, their location, and sector. Contact us for a detailed analysis tailored to your company—covering ransomware groups, attack patterns, and strategies to protect your extended attack surface. Below, explore ransomware attack statistics from 2025-2026, updated monthly.

Ransomware attacks 2025-2026

Ransomware activity is expected to remain a significant cybersecurity threat in Q2 2026, with increasing sophistication and targeted attacks on critical sectors like healthcare and finance. Double extortion tactics, where attackers encrypt data and threaten to release it, will likely continue, alongside the proliferation of Ransomware-as-a-Service (RaaS) models. The use of cryptocurrencies for ransom payments is expected to persist despite regulatory scrutiny. Supply chain attacks may rise, amplifying the impact on multiple organizations. In response, organizations are anticipated to invest more in preventive measures, incident response strategies, and employee training, while governments and international bodies enhance efforts to combat ransomware through legislation and cooperation.

Most active ransomware groups

In the past 12 months, ransomware has been on the rise and led by Qilin with an estimated 1432 attacks. Below are the top ransomware victims per group.

Top ransomware victims per country

In the past 12 months, United States led all countries with 3950 attacks, or 35.8% of the total. Below are the top ransomware victims per country.

Top 10 countries

Top ransomware victims per sector

In the past 12 months, Manufacturing led all sectors with 1553 attacks, or 28% of the total. Below are the top ransomware victims per industry.

More signal, less noise. Latest ransomware headlines from Bitsight Pulse.

  • 2026-07-02 | City of Acworth attacked by INC Ransom ransomware group
    The city of Acworth, Georgia, known for its scenic location and vibrant community, has been targeted by the INC Ransom group in a…
  • 2026-07-02 | Northeast Pediatrics & Adolescent Medicine attacked by Anubis ransomware group
    Northeast Pediatrics & Adolescent Medicine, located in Ithaca, NY, has been targeted by the Anubis ransomware group. The practice…
  • 2026-07-01 | Digital Dynamics attacked by Brain Cipher ransomware group
    The Brain Cipher group has targeted Digital Dynamics in a ransomware attack. The attackers have listed the company on their leak …
  • 2026-07-01 | Golden State Orthopedics & Spine attacked by Brain Cipher ransomware group
    The Brain Cipher group has claimed responsibility for a ransomware attack on Golden State Orthopedics & Spine, a company with the…
  • 2026-07-01 | Eagle Crest Communities attacked by safepay ransomware group
    Eagle Crest Communities, a nonprofit senior healthcare organization based in La Crosse, Wisconsin, has been targeted in a ransomw…

Bitsight Pulse consolidates the latest cybersecurity news, ransomware events and data breaches from hundreds of deep web, dark web, social and OSINT sources. Using Bitsight AI, Bitsight Pulse filters and personalizes these news events to your interests.

Free Benchmark Report

Free, customized cyber risk benchmark report

This custom report provides key takeaways regarding your company’s cybersecurity posture (likelihood of breach, industry benchmarks, and threat insights) using Bitsight data that has been independently verified to have the strongest correlation to the likelihood of a cyber incident.