7,655 Ransomware Claims in One Year: Group, Sector, and Country Breakdown
5 hours ago
- #data-analysis
- #ransomware
- #cybersecurity-threats
- From March 2025 to March 2026, ransomware groups posted 7,655 victim claims to leak sites, averaging about 20 per day or one new organization every 71 minutes.
- The top five groups (Qilin, Akira, INC Ransom, Play, Safepay) accounted for 40% of all claims, with Qilin alone posting 1,179 claims across 74 countries.
- Manufacturing (890 claims) and Technology (843 claims) were the most targeted sectors, followed by Healthcare, Construction, and Financial Services.
- The United States was the most targeted country, with 3,101 claims (40% of the total), followed by Germany, Canada, the United Kingdom, and France.
- Claim volume increased by 40% in the second half of the observation period, with December 2025 being the peak month at 861 claims.
- The ecosystem is fragmented, with 129 active groups; disrupting a single group is unlikely to significantly reduce overall volume due to the long tail of activity.
- Ransomware risk implications include heightened vendor and supply chain risk, upward trends in attack volume, and a widespread geographic impact across 141 countries.