7,655 Ransomware Claims in One Year: Group, Sector, and Country Breakdown

The sheer volume of ransomware claims—over 7,600 in just one year—underscores how pervasive extortion has become across the global digital ecosystem. While a handful of groups dominate the headlines, the long tail of 124 smaller actors collectively contributes more than half of all claims, revealing a resilient, decentralized threat market. This fragmentation means law‑enforcement takedowns or sanctions against any single gang will only marginally dent overall activity, compelling organizations to adopt broader, threat‑agnostic defenses.

Sector analysis shows manufacturing and technology firms bearing the brunt of ransomware pressure, together accounting for roughly 35% of sector‑attributed claims. These industries often operate critical production lines and rely on complex supply chains, making downtime especially costly and creating strong incentives for rapid ransom payment. Consequently, vendors and downstream partners must treat a leak‑site mention as a red flag, initiating immediate due‑diligence and contingency planning even when breach confirmation is absent.

The data also highlights a worrying upward trajectory: claim counts rose from an average of 521 per month in the first half of the observation window to 732 per month thereafter—a 40% increase. If this trend continues, annual claims could exceed 8,700, amplifying exposure for enterprises worldwide. Security leaders should therefore prioritize continuous monitoring of leak sites, enhance cross‑border incident response capabilities, and invest in resilience measures such as immutable backups and zero‑trust architectures to mitigate the growing ransomware tide.