Each dot represents the location of a ransomware attack, with the color of the dot indicating the sector affected (healthcare, education, government, and business).

This map updates daily and pinpoints the locations of each ransomware attack in the world, from 2018 to the present day. Where available, it includes the ransom amount, whether or not the ransom was paid, the entity, sector, and industry that was targeted, and the strain of ransomware used. Our researchers search through country reports, industry news, and cybersecurity databases to find the latest ransomware attacks on worldwide businesses, healthcare organizations, educational institutions, and government agencies.


View our in-depth map of US ransomware attacks (updated daily) here.

2022 key findings

According to the publicly-reported ransomware attacks collated by Comparitech researchers, 2022 saw:

  • 795 attacks–nearly half the number recorded in 2021 (1,365)
  • An average ransom demand of $7.2 million–just over $1m less than the average demand in 2021 ($8.2 million)
  • 115,856,886 records impacted–more than double the number impacted in 2021 (49.8 million)
  • An average of 559,695 records were impacted per attack–nearly five times 2021’s average of 119,114

When broken down by industry:


  • 423 attacks
  • An average ransom demand of $7.8 million
  • 103,740,344 records impacted
  • An average of 864,503 records impacted per attack


  • 104 attacks
  • An average ransom demand of $3.7 million
  • 830,578 records impacted
  • An average of 46,143 records impacted per attack


  • 151 attacks
  • An average ransom demand of $9.8 million
  • 869,690 records impacted
  • An average of 62,121 records impacted per attack


  • 117 attacks
  • An average ransom demand of $3.6 million
  • 10,416,274 records impacted
  • An average of 189,387 records impacted per attack


Our researchers have searched through country cybersecurity reports, high-authority news articles, and extensive cybersecurity databases to collate this list of ransomware attacks. Where possible, we have only included the names of companies that have been confirmed by relevant authorities or the companies themselves. This is the same for ransoms that have or have not been paid. Some may assume an entity has paid a ransom after data disappears from a hacker’s website, however, we do not make this assumption.

From April 1, 2023, we have also logged unconfirmed ransomware attacks posted on hackers’ websites. In these cases, we omit the company name until we can confirm the attack.

For a full list of sources, please request access here.

Data researchers: Charlotte Bond, Rebecca Moody