Ransomware attacks continue to surge across industries worldwide, with attackers targeting organizations that hold critical data and cannot afford extended downtime. Understanding the scope, frequency, and financial impact of these attacks is essential for organizations looking to strengthen their cybersecurity defenses.
This data-driven breakdown provides current ransomware statistics covering attack frequency, ransom payments, recovery costs, and sector-specific targeting trends. Whether you're in healthcare, manufacturing, government, or financial services, these statistics reveal how ransomware threatens operational continuity and how much organizations pay to recover.
Key Ransomware Statistics
- A ransomware attack occurs approximately every 11 seconds globally
- 72% of organizations experienced ransomware attempts in 2025
- The average ransom payment in 2025 reached $1.82 million
- Manufacturing accounts for roughly 25% of ransomware attacks
- Healthcare incidents increased 45% year-over-year
- The average ransomware recovery cost exceeds $2.73 million
- Data exfiltration occurs in more than 70% of ransomware attacks
Ransomware Attack Frequency by Year
Understanding how ransomware attack volumes have evolved helps organizations anticipate future threats and allocate security resources appropriately.
Year | Estimated Annual Attacks | Year-Over-Year Change |
|---|---|---|
2021 | 623,000 | +13% |
2022 | 704,000 | +13% |
2023 | 800,000 | +14% |
2024 | 904,000 | +13% |
2025 (projected) | 1,021,000 | +13% |
Key Insights:
- Ransomware attacks have grown steadily over the past five years, with approximately 2,200 attacks occurring daily worldwide.
- This consistent increase reflects the proliferation of Ransomware-as-a-Service (RaaS) platforms that lower the technical barrier for cybercriminals to launch sophisticated attacks.
Ransom Payment Amounts by Organization Size
Ransom demands vary significantly based on organizational revenue, operational scale, and perceived ability to pay.
Organization Size | Average Ransom Payment | Median Ransom Demand |
|---|---|---|
Enterprise (5,000+ employees) | $2.4 million | $850,000 |
Large Business (1,000–4,999) | $1.82 million | $600,000 |
Mid-Market (250–999) | $950,000 | $380,000 |
Small Business (50–249) | $485,000 | $175,000 |
Very Small Business (<50) | $115,000 | $65,000 |
Key Insights:
- The average ransom payment across all organization sizes reached $1.82 million in 2025.
- 64% of ransomware victims refused to pay in 2024, up from 50% in 2022, reflecting improved backup strategies and law enforcement guidance discouraging ransom payments.
Ransomware Recovery Costs by Industry
Total recovery costs extend far beyond ransom payments, including downtime, remediation, legal fees, and reputational damage.
Industry | Average Recovery Cost (Excluding Ransom) | Average Downtime |
|---|---|---|
Healthcare | $2.57 million | 24 days |
Financial Services | $2.83 million | 18 days |
Manufacturing | $2.41 million | 26 days |
Government | $2.83 million | 21 days |
Education | $1.92 million | 19 days |
Retail | $2.15 million | 22 days |
Energy/Utilities | $3.12 million | 28 days |
Key Insights:
- The global average cost to recover from a ransomware attack fell 44% to $1.53 million in 2025.
- Sector-specific costs remain substantially higher due to regulatory requirements, operational complexity, and patient or public safety considerations.
Ransomware Attacks by Industry Sector
Certain industries face disproportionate targeting due to operational urgency, valuable data, and perceived willingness to pay.
Industry | Percentage of Total Attacks | Year-Over-Year Change |
|---|---|---|
Manufacturing | 25% | +12% |
Healthcare | 22% | +45% |
Financial Services | 14% | +16% |
Government | 11% | +8% |
Education | 9% | -13% |
Retail | 8% | +11% |
Energy/Utilities | 6% | +37% |
Other | 5% | +9% |
Key Insights:
- Manufacturing is the most targeted sector due to production shutdown risks, which create immense pressure to pay ransoms quickly.
- Healthcare retained its position as the second-most targeted sector, accounting for 22% of disclosed attacks in 2025.
Healthcare Ransomware Statistics Breakdown
Healthcare organizations face unique ransomware risks due to life-critical systems, patient safety concerns, and strict regulatory requirements.
Metric | Value |
|---|---|
Healthcare organizations hit (2025) | 66% |
Average ransom payment (healthcare) | $343,000 |
Average recovery cost (healthcare) | $2.57 million |
Average data breach cost (healthcare) | $7.42 million |
Attacks involving data exfiltration | 96% |
Average downtime (healthcare) | 24 days |
Encryption rate (healthcare attacks) | 81% |
Key Insights:
- Healthcare ransomware incidents increased 45% year-over-year, with disclosed attacks surging to record levels.
- The average ransom demand in healthcare plummeted 91% to $343,000 in 2025 (from $4 million in 2024), though recovery costs remain substantial due to operational disruption and regulatory compliance requirements.
Manufacturing Ransomware Statistics Breakdown
Manufacturing organizations experience severe operational impact from ransomware due to production dependencies and supply chain disruption.
Metric | Value |
|---|---|
Manufacturing organizations targeted | 25% of all attacks |
Average ransom demand (manufacturing) | $1.2 million |
Average recovery cost (manufacturing) | $2.41 million |
Average downtime (manufacturing) | 26 days |
Production shutdown rate | 78% |
Supply chain disruption rate | 62% |
Key Insights:
- Manufacturing ransomware economics shifted in 2025, with average ransom demands falling 20% to $1.2 million (from $1.5 million in 2024).
- However, extended downtime and supply chain disruption drive total recovery costs significantly higher than ransom payments alone.
About ORDR
ORDR is the platform where device intelligence becomes a safe, enforceable action. Healthcare, manufacturing, and critical infrastructure organizations use ORDR to reduce risk across connected devices without disrupting operations.
Recognized as a KLAS Market Leader in Healthcare IoT Security, ORDR delivers complete visibility across IT, IoT, OT, and medical devices, then turns that intelligence into continuous, real-world protection. ORDR's passive network analysis and behavioral AI continuously understand every device and safely enforce controls without agents or disruption.
Trusted by 500+ enterprises globally, ORDR helps organizations protect against ransomware and other cyber threats by discovering unmanaged devices, detecting behavioral anomalies, and enabling secure network segmentation that prevents lateral movement during active attacks.
Learn how ORDR can help your organization strengthen ransomware defenses.
SCHEDULE A DEMO
Sources
- Bluefire Redteam. "Ransomware Statistics 2025: Attack Frequency, Payments, Costs & Industry Impact." March 2026.
- Mimecast. "Ransomware Statistics 2025: Attack Rates and Costs." 2025.
- Varonis. "Ransomware Statistics, Data, Trends, and Facts [updated 2026]." February 2026.
- HIPAA Journal. "Healthcare Sector Most Targeted by Ransomware Groups as Attacks Increase 49% YOY." February 2026.
- Sophos. "The State of Ransomware in Healthcare 2025." 2025.
- Verizon. "2025 Data Breach Investigations Report." 2025.
- IBM. "Cost of a Data Breach Report 2025." 2025.
- Chainalysis. "The 2025 Crypto Crime Report." 2025.