RansomwareClock.org

Reported Cost of Ransomware Attacks 2025 YTD

Aggregated Estimate from Public and Private Sources, Reflects Reported Attacks Only. Actual cost estimated to be significantly higher.

The forecast for cybercrime in 2024 is harsh with attacks increasing in frequency, sophistication, and severity. We must work together to protect our companies and communities from the financial, operational, and emotional trauma of cyber-attacks.

Cyber Stats

$1.85m

average cost for remediation, business downtime, lost orders, operational costs, etc. 2X vs year ago. Recovery cost is 10X the size of the ransom payment. Sophos, The State of Ransomware 2021

93%

consider an organization's trustworthiness prior to purchasing. 59% would avoid doing business with a company cyberattacked in the past 12 months. Arcserve 2020 Survey

11 seconds

a new ransomware attack hits this year. Cybersecurity Ventures. (In the time it takes you to read this cyber stat, another business has been hit with a ransomware attack.)

207 days

days is the average time to identify a breach. Meaning the bad guys are in your system for over 6-months. IBM Security Cost of a Data Breach Report 2020.

Only 21%

of security professionals think their current security controls are adequate. Forrester State of Enterprise IoT Security in North America

21 days

days is the average downtime caused by a ransomware attack. Coveware Q4, 2020

Spotlight

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) was founded in 2018 and is a standalone United States federal agency, organized under the Department of Homeland Security (DHS). It exists to...

RECENT ATTACKS & NEWS

May 6, 2026

Autonomous Offensive Security Firm XBOW Raises $35 Million

The company raised another $35 million as an extension to its previously announced Series C funding round. The post Autonomous...

May 6, 2026

Herd Security Raises $3 Million for AI-Powered Training Platform

The startup will invest in expanding its training categories, optimizing video generation, and growing its partnership ecosystem. The post Herd...

May 6, 2026

Iranian APT Intrusion Masquerades as Chaos Ransomware Attack

Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft. The post Iranian APT Intrusion...

May 6, 2026

Romanian Extradited to US for Role in Hacking Scheme 17 Years Ago

Gavril Sandu, 53, was indicted in 2017, but was arrested and extradited to the United States only in 2026. The...

May 6, 2026

CISA: Critical Infrastructure Must Master Isolation, Recovery

The agency has issued guidance to help critical infrastructure operators prepare for cyberattacks by foreign threat actors. The post CISA:...

May 6, 2026

Sophisticated Quasar Linux RAT Targets Software Developers

The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities. The post Sophisticated Quasar Linux RAT Targets Software...

May 6, 2026

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post...

May 6, 2026

Oracle Debuts Monthly Critical Security Patch Updates

Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly...

May 6, 2026

Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls

CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks...

May 5, 2026

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM....

PREVENTATIVE RESOURCES

Governmental and Law Enforcement

Legal Matters

Insurance Resources

In Case of Cyber Attack Emergency

If a ransomware incident occurs at your organization, CISA, FBI, and NSA recommend the following actions:

Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide
Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office
Apply incident response best practices found in the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity.

Contact your Local FBI Office - https://www.fbi.gov/contact-us/field-offices

Report a Complaint to the FBI’s Internet Criminal Complaint Center: www.IC3.gov

Technical Expertise/Crisis Communications

RansomwareClock.org

RansomwareClock.org

ALL RIGHTS RESERVED 2022

RansomwareClock.org

ALL RIGHTS RESERVED 2021