Forbes names Spin.AI to its prestigious America's Best Startup Employers 2025 list. Read More
+1 888-883-2993 Login Support

Recent Ransomware Attacks

72% Organizations worldwide impacted by ransomware

Your organization operates in an ever-expanding cyber-threat landscape where a single incident can have devastating consequences on your operational continuity, financial stability, and market position. In this challenging landscape, ransomware is one of the most critical threats facing your business.

2024 was a particularly “successful” year for ransomware attackers, with a recent report from cybersecurity company CyberArk revealing that nearly 90% of organizations were targeted, compared to 89% in 2023. The financial fallout of such incidents can be devastating, with some experts predicting that damage costs could exceed $265 billion by 2031.

All in all, ransomware can have potentially catastrophic and financially ruinous consequences for your organization in 2025. 

Recent Ransomware attacks in 2025

Some of the most impactful ransomware attacks in 2025 so far are:

  • AWS: A new ransomware threat called Codefinger targets users of AWS S3 buckets and makes recovery without payment impossible. 
  • Delta County Memorial Hospital District and River Region Cardiology: Attacks on the healthcare sector continue in 2025 with a recent ransomware attack that affected 500,000 individuals and exposed full names, dates of birth, and social security numbers.
  • American Standard: This major manufacturer was hacked by RansomHub showing that ransomware-as-a-service continues to be a trend in 2025 and makes it easy for cybercriminals to launch attacks.

Recent Ransomware attacks in 2024

Some of the most impactful ransomware attacks in 2024 were:

  • Change Healthcare: It led to the compromise of the protected health information of 100 million individuals and is expected to cost the company $2.457 billion, making it the largest ever healthcare breach reported in the US.
  • Starbucks: A ransomware attack on supply chain management software provider Blue Yonder affected the scheduling and payroll capabilities of 11,000 Starbucks stores across the USA.
  • AT&T: A breach of its Snowflake cloud environment forced the company to (reportedly) pay a $370K ransom in exchange for the deletion of the call records of 100+ million users.
  • Deloitte UK: A ransomware group claimed to have obtained over 1TB of data belonging to the company, raising concerns about the security preparedness of major consulting firms.
  • CDK Global: An attack affected 10K+ US car dealerships using its software, leading to collective losses of $1 billion.

Not convinced?

Check out our comprehensive and real-time ransomware tracker!

This tracker contains useful information about ransomware-related attacks going back to 2014. Plus, it’s updated weekly so you will get all the latest information right here.

Download it for free – and take the first step towards protecting your organization from this insidious threat.

Ransomware Tracker (2014 – 2025)

Receive our Ransomware report in .pdf

Ransomware Basics

Ransomware is one of the most common and fastest-evolving cyberthreats to organizations. CISA defines it as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable”. To recover these locked files, you need a digital key (decryptor) that the attacker promises to provide – but only if you cough up the ransom. Unfortunately, not all attackers keep their promises: in 2024, 84% of victims paid ransoms but only 47% got their data back uncorrupted.

Early “lockerware” variants of ransomware locked victims out of their machines. These evolved into variations that encrypted victims’ files and displayed a ransom note on the locked device. From such indiscriminate, “spray and pray” tactics, ransomware attacks have evolved into highly sophisticated campaigns designed to yield high payouts and often targeting specific industries or organizations, such as government entities, critical infrastructure providers, private sector firms, and educational institutions.

Many attackers have also adopted “double-extortion” techniques in which they not only encrypt data, but also threaten to sell, leak, or publish the exfiltrated data if the victim doesn’t pay up. The growth of “ransomware-as-a-Service” (RaaS) makes it even easier for adversaries to distribute devastating ransomware strains and execute large-scale attacks at will.

Did you know?

  •  In 2024, 16.3% of organizations that were hit by ransomware were forced to pay ransoms to recover their data (up from 6.9% in 2023).
  • Ransomware payments skyrocketed to record highs, with total payments of $459.8 million.
  • The average ransom demand per attack exceeded $5.2 million in just H1 2024.
  • The average attack cost was $4.91 million, making ransomware the third-costliest cyberattack of 2024.
  • 46% of security professionals estimate that their organizations suffered losses of $1-10 million in terms of ransom fees, lost revenues, and brand damage.
  • 78% of organizations attacked in 2023 were breached again in 2024; 63% of these were asked to pay even higher ransoms the second time.
  • In 2024, 56% of attacked organizations didn’t detect a ransomware breach for 3-12 months, indicating a low level of awareness and preparedness to this threat.
  • Also, only 22% of attacked organizations recovered from an attack within a week, indicating a worrying increase in recovery times.
  • Organizations with good cybersecurity hygiene have a 35X lower frequency of experiencing destructive ransomware events, which shows that hygiene plays an important role in reducing the impact of ransomware attacks.

Ransomware Threats and Incidents Continue in 2025

Ransomware remains a common, global cyberthreat in 2025, with thousands of organizations hit, particularly in the healthcare, education, local government , and critical infrastructure sectors. That said, organizations in every industry are vulnerable to this growing threat so it’s crucial for them to take measures to prevent attacks and protect their assets and data. One important measure is to implement a reliable ransomware detection and response solution like SpinRDR. Check out this guide to learn how you can choose the right solution for your organization!

Related blog posts

Everything You Need to Know about Google Drive Ransomware Recovery
Google Workspace Ransomware Protection

Everything You Need to Know about Google Drive Ransomware Recovery

Article Summary:  Ransomware is a major threat to businesses, and Google Drive is not immune....

Avatar photo

Vice President of Product

Read more February 28, 2025
Ransomware Protection for MSPs: How to Keep Your Business and Clients Protected
Google Workspace Ransomware Protection Microsoft 365 Ransomware Protection

Ransomware Protection for MSPs: How to Keep Your Business and Clien...

MSP and Ransomware Protection Summary MSPs are prime ransomware targets due to their access to...

Avatar photo

Vice President of Product

Read more February 14, 2025
Brewing Trouble: How a Starbucks Ransomware Attack Poured Cold Water on Operations
Google Workspace Ransomware Protection Microsoft 365 Ransomware Protection

Brewing Trouble: How a Starbucks Ransomware Attack Poured Cold Wate...

Cybercriminals often carry out attacks around holidays as this helps to ensure the most amount...

Avatar photo

Vice President of Product

Read more December 5, 2024

Recognition

Custom Image

Forbes 500 America’s Best Startup Employers 2025
Custom Image

Strong Performer, Forrester Wave SSPM report
Custom Image

Representative Vendor, Backup as a Service
Custom Image

Strong Performer, GigaOm SSPM Radar Report
Custom Image

3x Global infoSec Award Winner, Cyber Defense magazine
William PenroseViktoriia SirochukDaniel Hegedus

Book a Demo with Spin.AI

Schedule a 30-minute personalized demo with our security engineer

Request a Demo

See SpinOne in Action

Get a 30 minute personalized demo with a Spin.AI security engineer. Learn how to:

Mitigate Risk
Reduce Downtime
Respond to Security Incidents
Save Time
Lower Recovery Costs
Improve Compliance

Customers Love Us

Toronto Metropolitan University
Domino's Pizza
SADA
Vimeo
General Catalyst

Industry Leader

Recommended by

Google
Fortinet

Recognized by

Forbes
Spin.ai Gartner inclusion
Spin.ai Forrester recognition
Gigaom
Frost & Sullivan

Gartner Logo Peer Insights
4.7

G2 Logo G2 Crowd Reviews
4.8

Google Logo Google Marketplace
4.8

Microsoft Logo Azure Marketplace
4.9

Request a Demo

Almost there...

Now Book a Time

Step 3 of 3