RansomwareClock.org

Reported Cost of Ransomware Attacks 2025 YTD

Aggregated Estimate from Public and Private Sources, Reflects Reported Attacks Only. Actual cost estimated to be significantly higher.

The forecast for cybercrime in 2024 is harsh with attacks increasing in frequency, sophistication, and severity. We must work together to protect our companies and communities from the financial, operational, and emotional trauma of cyber-attacks.

Cyber Stats

$1.85m

average cost for remediation, business downtime, lost orders, operational costs, etc. 2X vs year ago. Recovery cost is 10X the size of the ransom payment. Sophos, The State of Ransomware 2021

93%

consider an organization's trustworthiness prior to purchasing. 59% would avoid doing business with a company cyberattacked in the past 12 months. Arcserve 2020 Survey

11 seconds

a new ransomware attack hits this year. Cybersecurity Ventures. (In the time it takes you to read this cyber stat, another business has been hit with a ransomware attack.)

207 days

days is the average time to identify a breach. Meaning the bad guys are in your system for over 6-months. IBM Security Cost of a Data Breach Report 2020.

Only 21%

of security professionals think their current security controls are adequate. Forrester State of Enterprise IoT Security in North America

21 days

days is the average downtime caused by a ransomware attack. Coveware Q4, 2020

Spotlight

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) was founded in 2018 and is a standalone United States federal agency, organized under the Department of Homeland Security (DHS). It exists to...

RECENT ATTACKS & NEWS

February 23, 2026

US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach

The Everest ransomware group has taken credit for a hacker attack on Vikor Scientific, now called Vanta Diagnostics. The post...

February 23, 2026

Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud

Oleksandr Didenko sold the stolen identities of US citizens, allowing North Koreans to get hired using freelance work platforms. The...

February 23, 2026

Autonomous AI Agents Provide New Class of Supply Chain Attack

While this campaign targets crypto wallets and steals money, the methodology has far wider potential that could be used by...

February 23, 2026

Romanian Hacker Pleads Guilty to Selling Access to US State Network

Catalin Dragomir admitted in a US court to selling access to an Oregon state government office’s network. The post Romanian...

February 23, 2026

Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS

Threat actors relying on AI have been exploiting exposed ports and weak credentials to take over FortiGate devices. The post...

February 23, 2026

Recent RoundCube Webmail Vulnerability Exploited in Attacks

Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents. The post...

February 23, 2026

Mississippi Hospital System Closes All Clinics After Ransomware Attack

A ransomware attack forced the University of Mississippi Medical Center to close all of its roughly three dozen clinics around...

February 23, 2026

PayPal Data Breach Led to Fraudulent Transactions

PayPal blamed an application error for the exposure of customer personal information for nearly 6 months. The post PayPal Data...

February 21, 2026

Critical Grandstream Phone Vulnerability Exposes Calls to Interception

The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical...

February 20, 2026

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often...

PREVENTATIVE RESOURCES

Governmental and Law Enforcement

Legal Matters

Insurance Resources

In Case of Cyber Attack Emergency

If a ransomware incident occurs at your organization, CISA, FBI, and NSA recommend the following actions:

Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide
Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office
Apply incident response best practices found in the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on Technical Approaches to Uncovering and Remediating Malicious Activity.

Contact your Local FBI Office - https://www.fbi.gov/contact-us/field-offices

Report a Complaint to the FBI’s Internet Criminal Complaint Center: www.IC3.gov

Technical Expertise/Crisis Communications

RansomwareClock.org

RansomwareClock.org

ALL RIGHTS RESERVED 2022

RansomwareClock.org

ALL RIGHTS RESERVED 2021