Ransomware attacks continue to surge across industries worldwide, with attackers targeting organizations that hold critical data and cannot afford extended downtime. A ransomware attack occurs approximately every 11 seconds globally, and 72% of organizations experienced ransomware attempts in 2025. Understanding the scope, frequency, and financial impact of these attacks is essential for organizations looking to strengthen their cybersecurity defenses. This data-driven breakdown provides current ransomware statistics covering attack frequency, ransom payments, recovery costs, and sector-specific targeting trends.
Ransomware attack volumes have grown steadily over the past five years, with approximately 2,200 attacks occurring daily worldwide. Annual attacks increased from 623,000 in 2021 to a projected 1,021,000 in 2025, representing consistent year-over-year growth of 13%. This steady increase reflects the proliferation of Ransomware-as-a-Service (RaaS) platforms that lower the technical barrier for cybercriminals to launch sophisticated attacks. The trend demonstrates how ransomware has evolved from isolated incidents to a systematic threat affecting organizations across all industries.
The average ransom payment in 2025 reached $1.82 million across all organization sizes, though ransom demands vary significantly based on organizational revenue and operational scale. Enterprise organizations face average ransom payments of $2.4 million, while small businesses average $485,000 and very small businesses average $115,000. However, 64% of ransomware victims refused to pay in 2024, up from 50% in 2022, reflecting improved backup strategies and law enforcement guidance discouraging ransom payments. Total recovery costs extend far beyond ransom amounts. The global average cost to recover from a ransomware attack fell 44% to $1.53 million in 2025, though sector-specific costs remain substantially higher due to regulatory requirements and operational complexity.
Manufacturing is the most targeted sector, accounting for 25% of ransomware attacks and experiencing production shutdown rates of 78%. Healthcare retained its position as the second-most targeted sector, accounting for 22% of disclosed attacks in 2025, with a notable 45% year-over-year increase in incidents. Financial services, government, education, retail, and energy/utilities sectors collectively account for the remaining 53% of attacks. Manufacturing's heavy targeting reflects production shutdown risks that create immense pressure to pay ransoms quickly, while healthcare faces unique risks due to life-critical systems and patient safety concerns.
Healthcare organizations face disproportionate ransomware impact, with 66% of healthcare organizations hit in 2025 and 96% of healthcare attacks involving data exfiltration. The average ransom demand in healthcare plummeted 91% to $343,000 in 2025 from $4 million in 2024, yet average recovery costs remain substantial at $2.57 million due to operational disruption and regulatory compliance requirements. Average healthcare downtime extends 24 days per incident, and the average data breach cost in healthcare reached $7.42 million. Healthcare ransomware incidents increased 45% year-over-year, with disclosed attacks surging to record levels despite declining individual ransom demands.
Manufacturing ransomware economics shifted in 2025, with average ransom demands falling 20% to $1.2 million from $1.5 million in 2024. However, extended downtime averaging 26 days and supply chain disruption rates of 62% drive total recovery costs to $2.41 million, significantly higher than ransom payments alone. Data exfiltration occurs in more than 70% of ransomware attacks globally, with encryption rates in healthcare attacks reaching 81%. These statistics reveal how ransomware threatens operational continuity across industries and underscore the importance of comprehensive security strategies that extend beyond ransom negotiation to include prevention, detection, and rapid recovery capabilities.