91+ Raucous Statistics on Ransomware

Only half of businesses have a rigorous cybersecurity plan as of 2022. An additional 30% of businesses admit that they do not currently have a cybersecurity plan, but intend to create one. The remaining 20% don’t have a plan and do not intend to create one in the near future.

Why are all of these numbers significant?

Since only half of businesses have a cybersecurity plan, the other half are at a high risk of experiencing a ransomware attack.

Without an elaborate cybersecurity plan, bad actors can get into networks and block access to data. They will try to force you to pay a fee to regain access to your systems. Most hackers will also threaten to delete the data or publish it on the dark web if the ransom isn’t paid.

If this isn’t enough to convince you to develop a cybersecurity plan, or maybe update your existing plan, your organization will pay the price.

To help further convince you that every organization should develop a cybersecurity plan, here are 93 statistics on ransomware that showcase the reality of the devastating effects of ransomware.

What is Ransomware?

If you work in an industry that deals with electronic data, you’ve probably heard about the horrors surrounding ransomware. This type of attack leads to a loss of data, potentially losing a few million dollars, and the inability to continue business operations.

But what exactly is ransomware?

Ransomware is a specific type of malware. It may or may not involve encrypting a victim’s data. Many organizations can find themselves locked out of their computer network.

Once the malware has infected an organization's electronic systems, the bad actors will ask their victims to pay them, often in the form of cryptocurrency since it’s harder to trace back to the illegal activity. Once paid, the bad actors promise to unlock the computers or decrypt the stolen data.

However, the hackers don’t always keep their word.

There are many forms of ransomware. Governments, businesses, and municipalities deal with new types of ransomware threats all of the time. The three most widely reported ransomware families in Q1 2021 are REvil, Conti V2, and Lockbit.

You can see the top 10 most reported ransomware families, by percentage, below.

To make matters worse, hackers now offer their expertise as a service. Ransomware as a service (RaaS) came from the original software-as-a-service (SaaS) business model. For RaaS to work, the hackers license their ransomware program to another party or affiliate.

Hackers profit off of the RaaS model since they take the majority of the ransomware payment for themselves. Prolific hacker groups can take as little as 20% of a ransom since they steal so much money from around the world.

General Statistics on Ransomware

The 2020 pandemic caused major disruptions in the supply chains, business operations, and security measures. Remote work and hybrid arrangements forced businesses to reevaluate their cybersecurity measures.

This location shift led to a shocking increase in cybersecurity incidents. More specifically, the work-from-home environment led to significant changes in ransomware attacks.

Businesses of all sizes must understand the ransomware landscape. If you and your coworkers take the time to understand how ransomware attacks happen, you can take the necessary steps to protect your company.

Below are some general statistics on ransomware attacks that can shed some light on the situation…

• Since 2008, 80% of breaches had an external bad actor. (Verizon Data Breach Investigations Report 2022)
• 37% of organizations and companies endured a ransomware attack in 2021. (The State of Ransomware 2021)

• There were 50% more cyberattack attempts per week on companies globally in 2021 compared to 2020. (Dark Reading)
• Third-party breaches represented only 1% of the 2021 data set. (Verizon Data Breach Investigations Report 2022)
  • Verizon defines a third party as a company enduring a breach but is not the owner of the data.
• Roughly 40% of third-party breaches involved ransomware. (Verizon Data Breach Investigations Report 2022)
• Roughly 75% of breaches in 2020 happened because of privilege abuse. (Verizon Data Breach Investigations Report 2021)
  • The next main reason why breaches occur is data mishandling.
• 82% of breaches in 2021 involved some form of a human element. (Cybercrime Magazine)
  • This includes social attacks, errors, and misuse.
  • 25% of breaches involved social engineering attacks
• Businesses worldwide experienced a 25% increase in ransomware attacks during the 2020 pandemic. (Ponemon Institute Global Risk Report)
  • 26% of companies in the US reported an increase in ransomware attacks during COVID-19.
• 40% of ransomware attacks involve desktop sharing software. (Verizon Data Breach Investigations Report 2022)

• 35% of ransomware attacks involved some form of email usage. (Verizon Data Breach Investigations Report 2022)
• Companies using a below-average email provider or tool are 2 times more likely to experience some form of cyber claim. (Corvus Risk Insights Index, Q4 2021)
  • They are 45% more likely to experience a phishing claim.
• By 2031, experts estimate that a ransomware attack will occur every 2 seconds. (Cybercrime Magazine)

Ransomware Over Time

In the last few decades, the world has seen a rise in cyber attacks.

Hackers love to use ransomware because it makes them a quick profit. Therefore, with the general rise of cybercrime came an increase in ransomware attacks.

Understanding changes in ransomware over the last decade can prepare employees and businesses to prevent future attacks.

• 68.5% of organizations worldwide experienced a ransomware attack in 2021. (Statista, May 2021)
  • This is an increase from the previous three years, which are as follows:
    • 62.4% of organizations worldwide experienced an attack in 2020.
    • 56.1% of organizations worldwide experienced an attack in 2019.

• There was a 13% increase in ransomware attacks from 2020 to 2021. (Cybercrime Magazine)
  • This increase is equivalent to all of the ransomware attacks in 2015-2020 combined.
• Between Q2 2020 and Q1 2021, there was a steady rise in ransomware attacks. (Corvus Risk Insights Index, Q4 2021)
  • The frequency dropped by roughly 50% in Q2 2021.
    • Experts believe there is a connection to the shutdown of Darkside and REvil, two prolific ransomware groups, in May and July 2021.
  • It increased again in Q3 2021.
• Cyberattack attempts reached an all-time high in Q4 2021. (Dark Reading)
  • It jumped to 925 attempts a week per organization.
  • Experts believe this is due to the Log4j vulnerability
• Only 12% of companies paid ransoms in Q3 2021. (Corvus Risk Insights Index, Q4 2021)
  • This is down from…
    • 24% of companies in Q2 2021.
    • 26% of companies in Q1 2021.
    • 37% of companies in Q4 2020.
    • 44% of companies in Q3 2020.

• The ratio of ransoms demanded vs ransoms paid steadily declined between Q3 of 2020 and Q3 of 2021. (Corvus Risk Insights Index, Q4 2021)
• The average ransom paid in Q3 2021 was $290,000. (Corvus Risk Insights Index, Q4 2021)
  • This is down from an average of…
    • $114,000 in Q2 2021
    • $86,000 in Q1 2021
    • $104,000 in Q4 2020
    • $222,000 in Q3 2020
• Extortion-style ransomware attacks more than doubled between 2020 and 2021. (The State of Ransomware 2021)
  • These are situations where the data is not encrypted but the victim receives a ransom.
  • The 2020 rate of 3% rose to 7% in 2021.
• There were a total of 127 newly discovered ransomware families in 2020. (Statistia, April 2021)
  • There were 95 newly discovered ransomware families in 2019.
  • There were 222 newly discovered ransomware families in 2018.
  • There were 327 newly discovered ransomware families in 2017.
  • There were 247 newly discovered ransomware families in 2016.
  • There were 29 newly discovered ransomware families in 2015.
• There were 712 cases of large-scale cyber security breaches (involving 500 impacted records per breach) in 2021. (Statistia, June 2022)
  • This is up from…
    • 642 large-scale breaches in 2020.
    • 512 large-scale breaches in 2019.
    • 368 large-scale breaches in 2018.

Statistics on Ransomware Victims

Which kind of organizations do hackers like to target?

Unfortunately, that’s not a simple question to answer. Everyone’s at risk of falling victim to cybercriminals. Every industry and every step in the supply chain can become a target.

Some industries are more prone to ransomware attacks than others. The best way to prevent breaches is to learn from past victims.

Below are some statistics on ransomware victims, including industry, geographic, and organizational trends.

• Larger organizations have a higher chance of becoming the target of ransomware. (The State of Ransomware 2021)
  • 33% of companies with 100-1,000 employees experienced ransomware.
  • 42% of companies with 1,001-5,000 employees experienced ransomware.

• 15% of businesses worldwide experienced a ransomware attack in 2020. (Ponemon Institute Global Risk Report)
  • In the US, 17% of businesses reported the same.
• 57% of businesses and organizations said that cybercriminals succeeded in encrypting their data. (The State of Ransomware 2021)

• The education and research industry experienced 1,605 ransomware attacks in 2021. (Dark Reading)
  • This is 75% more than the previous year.
• Cyberattacks in the healthcare industry increased by 71% in 2021. (Cyber Security Intelligence)
  • Attacks on ISP/MSP industries were up by 67%.
  • Attacks on the communication industry were up by more than 51%
  • Attacks on the government and military sector were up by 47%.
• Software vendors experienced 146% more cyber attacks in 2021 compared to 2020. (Dark Reading)
  • This is the largest percent increase compared to other industries.
• The region with the largest percentage increase in cybercrime was Europe. (Cyber Security Intelligence)
  • Europe had a 68% increase in cyber attacks.
  • North America had a 61% increase in cyber attacks.
  • Latin America had a 38% increase in cyber attacks.
  • Asia and the Pacific had a 25% increase in cyber attacks.
  • Africa had a 13% increase in cyber attacks.

The Cost of Cybercrime

Enduring a ransomware attack can be very expensive for businesses. And it’s not just because of the ransom itself. When an organization’s data becomes encrypted by a bad actor, the business is basically on lockdown.

Downtime, wages, network costs, lost opportunities, and remediation efforts are all expenses organizations endure when hacked by cybercriminals.

Below are some scary statistics on ransomware costs that will make you want to improve your security efforts.

• The estimated cost of ransomware damages was $20 billion in 2021. (Cybercrime Magazine)
• Over 90% of breaches had a financial motivation in 2020. (Verizon Data Breach Investigations Report 2021)
  • Less than 10% of breaches had espionage or some other type of motivation.

• The average ransom paid increased 254% between Q2 2021 and Q3 2021. (Corvus Risk Insights Index, Q4 2021)
• The average bill a company pays for rectifying a ransom attack was $1.85 million. (The State of Ransomware 2021)
  • This considers downtime, wages, cost of devices, network costs, lost opportunity, the ransom itself, amounts other remediation efforts.
• The portion of forensic and recovery efforts in total costs of ransomware attacks rose from 30% to 52% in the last 4 years. (Corvus Risk Insights Index, Q4 2021)

• Business interruption costs shrunk from 35% to 12% in 2020 compared to the total claim costs. (Corvus Risk Insights Index, Q4 2021)
• 52% of total claim costs in 2020 were part of organizational breach response. (Corvus Risk Insights Index, Q4 2021)
• By 2031, experts estimate that ransomware will cost victims around $265 billion. (Cybercrime Magazine)
  • They calculated this amount using a 30% year-over-year growth in damage costs.
• The average ransom paid by mid-sized companies was about $170,400. (The State of Ransomware 2021)
  • Only 65% of organizations got their data back after paying the ransom.
• Due to the increase in ransomware between 2020 and 2021, experts say that businesses should expect the costs of ransomware to increase to $10 billion annually by 2026. (Cybercrime Magazine)

Conclusion

As you can see, there are several reasons why you should develop a digital security policy for your company. Not only can you reduce unneeded risks, but you can also reduce cybersecurity costs in the long run.

But even if you do everything right and take every last precaution against data breaches, they can still happen.

Hackers love to use ransomware attacks because, for them, it’s a lucrative form of illegal activity. The bad actors know companies can’t afford to lose their sensitive information or deal with long bouts of downtime.

Since you are bound to experience a ransomware attack in the next few years, you should update your incident response plan. Figuring out what to do if you fall victim to an attack can be tricky.