Each dot represents the location of a ransomware attack, with the color of the dot indicating the sector affected (healthcare, education, government, and business).

This map updates daily and pinpoints the locations of each ransomware attack in the world, from 2018 to the present day. Where available, it includes the ransom amount, whether or not the ransom was paid, the entity, sector, and industry that was targeted, and the strain of ransomware used. Our researchers search through country reports, industry news, and cybersecurity databases to find the latest ransomware attacks on worldwide businesses, healthcare organizations, educational institutions, and government agencies.

While we have tried to accurately pinpoint the head office of the company or organization involved in the attack, the specific locations are only designed to be used for illustrative purposes. 


View our in-depth map of US ransomware attacks (updated daily) here.


Our researchers have searched through country cybersecurity reports, high-authority news articles, and extensive cybersecurity databases to collate this list of ransomware attacks. Where possible, we have only included attacks that have been confirmed by relevant authorities or companies. This is the same for ransoms that have or have not been paid. Some may assume an entity has paid a ransom after data disappears from a hacker’s website, however, we do not make this assumption.

For a full list of attacks and sources, please request access here.

Data researchers: George Moody, Rebecca Moody