Government Agencies Falling Victim to Ransomware Daily, Warns Study

The number of ransomware attacks which target government departments and agencies has risen to the extent that one has its services restricted by encryption every single day.

The figure comes from analysis by researchers at Comparitech, who studied ransomware incidents which targeted government entities between January and June 2026.

The research, published on July 16, recorded that 187 government organizations were hit with ransomware during the first six months of 2026. That represents a 13% increase on the 165 ransomware attacks recorded during the second half of 2025.

The increase in recorded ransomware events is notable because the figure of 187 incidents across 182 days means that the average number of ransomware attacks against government bodies now stands at an average of one every day.

Of those 187 recorded incidents, just over half (89) were publicly confirmed by the organization which was hit.

Government agencies are potentially lucrative targets for cybercriminal ransomware groups because of the amount of disruption to public services a successful encryption of systems can cause and the volume of sensitive data on the general public that the organizations carry.

“From weeks-long disruptions due to system encryption to extensive data breaches, governments are the ideal target for hackers,” said Rebecca Moody, head of data research at Comparitech.

This significantly increases the potential of the victim paying the ransom for a decryption key, rather than attempting to take much longer to independently restore services that the public are reliant on.

US Biggest Ransomware Target

The most common target for ransomware attacks against government agencies during the six-month period was the US, which accounted for 31% of attacks.

Every other country with reported ransomware incidents only accounted a single figure percentage of recorded incidents, with Germany (7%), Spain (4%) and Italy (4%) the highest affected countries. The disparity between the US and other countries is likely down to its significantly higher population than many other countries.

Read More: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats

The mean ransom demand to government agencies during the period was $100,000 – likely an acknowledgement by the attackers that if they set their demand too high, especially to an organization which is funded by taxpayers, it is less likely to be paid.

However, there were some outliers. The most significant was a $3.1m ransom demand to the Land and Agricultural Development Bank of South Africa following a cyber-attack in January 2026. The organization refused to pay the ransom, and systems were only restored in April.

This attack was carried out by an unknown assailant, but many of the other ransomware incidents could be attributed to known groups. The most common attackers between January and June were The Gentlemen (10%), Qilin (9%) and LockBit (7%).

Ransomware groups often take advantage of common, well publicized cybersecurity vulnerabilities.

According to Comparitech’s Moody, the best way for organizations to avoid falling victim to a ransomware attack is with a proactive cyber defense strategy.

“Keeping systems up to date, patching vulnerabilities as soon as they’re flagged, carrying out regular backups, and making sure employees are regularly trained and are on high alert at all times are crucial to mitigating the risks of attacks,” she said.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *