Ransomware is a type of malware that threatens to destroy or withhold a victim’s critical data unless a ransom is paid to the attacker. Unfortunately, this type of cyberattack is on the rise — ransomware was named the top threat type for 2021, and attacks increased over 140% in Q3 of 2021 alone.
Ransomware attacks are more prevalent than ever, and they’re wreaking havoc across a range of industries. This became especially apparent amid COVID-19, which provided new opportunities for attackers — ransomware attacks surged by 148% in March of 2020.
Read on to learn about the most important ransomware statistics that will be vital for security in 2023 and beyond, along with prevention tips and how to ensure your organization is prepared for an attack. (or jump to our infographic below!)
Key Ransomware Attack Trends
As the cyber threat landscape continues to evolve, a few key trends can be seen in the ongoing rise of ransomware attacks.
The Rise of Double Extortion: Attack Methods Are Evolving
In years past, ransomware was mainly accomplished by single extortion, where attackers encrypt an organization’s data and demand a ransom in exchange for a decryption key. Now, ransomware groups are exfiltrating victims’ data to an offsite location before encryption, then threatening to leak or publish the data if a ransom isn’t received. The combined threat of encryption and data exfiltration is a form of double extortion, and threat actors are increasingly leveraging this attack method as it proves to be more profitable.
Ransom Demands Are Increasing
As new approaches to ransomware like double extortion continue to pay off, attackers are demanding higher ransom payouts than ever before. The average ransom demand in the first half of 2021 amounted to $5.3 million — a 518% increase compared to 2020. The average ransom payment has also increased by 82% since 2020, reaching a whopping $570,000 in the first half of 2021 alone.
Increase in Ransomware-as-a-Service
While home users were once the main target for ransomware attacks, threat actors today are targeting large enterprise networks with more frequency. As a result, the evolution of ransomware-as-a-service, or RaaS, has gained increasing traction.
RaaS is a type of pay-for-use malware that allows cybercriminals to purchase ransomware tools that have already been developed in order to carry out large-scale ransomware attacks. RaaS is an affiliate program in nature — for every successful ransom payment made, the creators of the tools receive a percentage.
Since RaaS allows cybercriminals with even elementary technical skills to deploy a ransomware attack, the RaaS business model will continue to fuel the threat landscape in 2023.
The Industrial Goods and Services Sector Is the Largest Target
While ransomware remains one of the most widely used attack methods across all sectors, the industrial goods and services sector was the most targeted in 2021. One of the most high-profile attacks to hit this sector was the DarkSide ransomware attack against Colonial Pipeline in May 2021.
Colonial Pipeline is one of the largest fuel pipeline operators in the United States; they provide roughly 45% of the East Coast’s fuel supply, and transport over 100 million gallons of fuel across the country daily. The DarkSide attack forced the company to halt all pipeline operations and IT systems, which led to a gas shortage across the East Coast. Colonial Pipeline ultimately paid a ransom of close to $5 million to decrypt the locked systems.
Critical infrastructure networks like Colonial Pipeline’s are increasingly growing targets of ransomware, especially as RaaS schemes become more widespread. This is likely due to the nature of the industrial services industry, as it provides goods and services that are vital to the economy and daily flow of business. Interrupting this sector has a threatening impact that is more likely to result in a ransom payoff for attackers.
How Common Were Ransomware Attacks in 2021?
Ransomware attacks are one of the fastest-growing cyber threats in recent history — reports of ransomware incidents increased 62% in 2021 compared to 2020. Ransomware was also the third most used cyberattack method in 2021, accounting for 10% of all data breaches. This explosive uptick in attacks is expected to continue in 2023 and beyond.
- Globally, there were 304.7 million ransomware attacks in the first half of 2021, a 151% increase since 2020. (SonicWall)
- Ransomware attacks experienced annually by organizations have been on the rise since 2018, peaking at 68.5% in 2021. (Statista)
- 80% of organizations were hit by a ransomware attack in 2021. (Claroty x Forbes)
- There were 121 reported ransomware incidents reported in the first half of 2021, a 64% increase from 2020. (PurpleSec)
- The FBI’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints in the first half of 2021. (FBI and CISA)
- Experts estimated that a ransomware attack would take place every 11 seconds in 2021. (Cybersecurity Ventures)
- Ransomware attacks increased 148% from Q2 of 2020 to Q2 of 2021. (SonicWall)
- There were a record-breaking number of ransomware attacks in Q3 of 2021, totaling 190.4 million. (SonicWall)
- 127 new ransomware families were discovered in 2020, up 34% since 2019. (Statista)
- There were 304 million ransomware attacks globally in 2020. (Statista)
- The total number of ransomware attacks in 2020 increased by 62% compared to 2019. (Statista)
- December 2021 saw one of the highest volumes of ransomware attacks that year, with 33 publicly reported attacks. (Blackfog)
- The percentage of ransomware attacks that came with a threat to release stolen data increased from 70% in Q4 of 2020 to 77% in Q1 of 2021. (Coveware)
- Compromised remote desktop protocol connections were the most common attack vector in Q1 of 2021. (Coveware)
- VPN appliances, like Fortinet and Pulse Secure, were the most commonly exploited software vulnerabilities in Q1 of 2021. (Coveware)
- 571 different victims suffered a ransomware attack due to a data leak in Q3 of 2021. (Digital Shadows)
- There were 1,748 ransomware attempts per customer through Q3 of 2021 — equivalent to 9.7 ransomware attempts per customer per business day. (SonicWall)
- At least one employee downloaded a malicious mobile application in 46% of organizations in 2021. (Check Point)
Ransomware Cost and Payment Statistics
When it comes to the cost of ransomware, cybercriminals are making and demanding more money than ever before. Even excluding the cost of the ransom, the cost of recovering from a ransomware attack has more than doubled since 2020. Take a look at cost and payment trends for ransomware below:
- The total cost of a ransomware breach was an average of $4.62 million in 2021, not including a ransom. (IBM)
- The average cost for education institutions to rectify the impacts of a ransomware attack, including the ransom itself, was $2.73 million in 2021 — 48% higher than the global average for all sectors. (EdScoop)
- The 2,084 ransomware complaints received by the IC3 in the first half of 2021 amounted to over $16.8 million in losses. (FBI and CISA)
- Reported monetary losses to ransomware attacks increased 20% in the first half of 2021 compared to 2020. (FBI and CISA)
- Ransomware breach response costs took up 52% of the overall cost of a ransomware attack in 2020. (Corvus Insurance)
- Globally, no less than $18 billion was paid in ransoms in 2020. (EmiSoft)
- The average ransom payment was $220,298 in Q1 of 2021, up 43% from Q4 of 2020. (Coveware)
- The average ransom payment was $136,576 in Q2 of 2021, 38% less than Q1 of 2021. (Coveware)
- The average ransom payment was $139,739 in Q3 of 2021, up 2.3% from Q2 of 2021. (Coveware)
- In 2021, lost business represented the largest share of data breach costs, averaging $1.59 million. (IBM)
- 68% of U.S. organizations paid the ransom for a ransomware attack in 2020. (Statista)
- Total ransom demands across all ransomware families averaged $847,344 in 2020. (Bloomberg)
- 32% of ransomware victims paid the ransom in 2021. (Cloudwards)
- Of the 32% of ransomware victims who paid the ransom in 2021, only 65% of their data was ultimately recovered. (Cloudwards)
- Ransomware will cost victims over $265 billion annually by 2031. (Cybersecurity Ventures)
Attacks by Ransomware Group
Both old and new ransomware groups are wreaking havoc on industries across the globe, but a few stood out from the rest:
- LockBit 2.0 was the most active ransomware group in Q3 of 2021. (Digital Shadows)
- 125 ransomware families were discovered between 2018 and 2020, and 32 new families were uncovered in 2021. (Ivanti)
- New ransomware families increased by 26% in 2021, bringing the total to 157 families. (Ivanti)
- The ransomware group Conti received the most ransom payments in 2021, totaling close to $13 million. (atlasVPN)
- The ransomware group REvil/Sodinokibi received the second-highest amount in ransom payments, extorting $12.13 million in 2021. (atlasVPN)
- The DarkSide ransomware group received $4.6 million in ransom payments in 2021. (atlasVPN)
Attacks by Industry
No industry is safe from ransomware attacks, and 37% of all industries suffered a ransomware attack in 2021. However, there’s still variation in which industries are more likely to be targeted.
- Health care was the third most targeted industry for ransomware attacks in 2021. (Blackfog)
- Ransomware attacks were responsible for close to 50% of all data breaches in the health care industry in 2020. (Health and Human Services)
- The health care industry has suffered over $157 million in losses due to ransomware attacks since 2016. (HIPAA Journal)
- Education was the second most targeted industry for ransomware attacks in 2021. (Blackfog)
- 44% of the education sector report suffering a ransomware attack in 2021. (EdScoop)
- The 44% of the education sector who suffered a ransomware attack is higher than the 37% global average for all sectors. (EdScoop)
- Universities targeted by ransomware attacks have increased by 100% between 2019 and 2020. (BlueVoyant)
- A ransomware attack on the higher education industry costs $447,000 on average. (BlueVoyant)
- At least 1,681 universities and schools have been impacted by 84 different ransomware attacks since 2020. (EmsiSoft)
- In the first half of 2021, the education sector saw more ransomware attempts than the government industry in three out of six months. (SonicWall)
- In 2021, ransomware attacks on the government increased to three times the previous year’s high point. (SonicWall)
- In June 2021, there were about 10 times more ransomware attack attempts than average on the government. (SonicWall)
- 246 separate ransomware attacks struck U.S. government agencies in the last three years, costing close to $52.88 billion. (CompariTech)
- Just 38% of local and state government employees have proper ransomware prevention training. (IBM)
Finance & Insurance
- 90% of all financial institutions experienced ransomware attacks in 2020. (Hub Security)
- Ransomware and phishing attempts in the banking sector increased 64% in 2020. (Arctic Wolf via American Banker)
- Phishing and ransomware attacks targeting the banking sector increased by 520% between March and June 2020. (Arctic Wolf via American Banker)
Attacks by Country
Ransomware attacks aren’t just getting worse — they’re getting worse everywhere on a global scale. Globally, Europe experienced a 234% spike in ransomware last year, and attacks in North America increased by 180%. The United States continues to see more ransomware attacks than any other country; of the top 10 countries with the highest volume of ransomware, the U.S. suffered as many attacks as the other nine countries combined — times four.
- The U.S. was the country with the most ransomware attacks in 2021. (SonicWall)
- The United Kingdom was the country with the second highest number of ransomware attacks in 2021. (SonicWall)
- Ransomware attacks in the United Kingdom rose by 144% in 2021. (SonicWall)
- Over 68% of organizations in India reported a ransomware attack in the last year. (Statista)
- The U.S. suffered 227,266,604 million ransomware attacks in 2021. (SonicWall)
- Europe saw a staggering 234% spike in ransomware attacks in 2021. (SonicWall)
- The U.S. saw a 185% increase in the volume of ransomware attacks in 2021. (SonicWall)
- The U.S. saw a 185% increase in volume of ransomware attacks in 2021. (SonicWall)
- Of the top 10 countries who saw the most ransomware attacks in 2021, the U.S. suffered as many attacks as the other nine countries put together times four. (SonicWall)
- 47% of ransomware victims due to data leak sites in Q3 of 2021 were organizations based in the U.S. or Canada. (Digital Shadows)
Ransomware Predictions and Future Trends for 2023
Ransomware is evolving at a rapid pace and will continue to impact all industries in 2023 and beyond. Looking ahead, these statistics shed light on the projections and future trends for ransomware.
- 30% of organizations will adopt Zero Trust Network Access (ZTNA) models by 2024. (Gartner)
- 60% of organizations, along with investors and venture capitalists, will use cybersecurity risk as a key factor in assessing new business opportunities by 2025. (Gartner)
- By 2025, 30% of nation states will enact legislation to regulate ransomware payments and negotiations. (Gartner)
- 40% of boards of directors will have a cybersecurity committee by 2025 as stricter cybersecurity measures become a top priority. (Gartner)
- 70% of CEOs will invest in an organizational culture of cyber resilience by 2025. (Gartner)
- IoT devices are predicted to be increasingly used by attackers to carry out ransomware attacks in 2023 and beyond. (RSA Security via Security Boulevard)
- Yearly revenue for the corporate web security industry has increased annually since 2016 and is expected to reach nearly $8 billion by 2025. (Statista)
How to Prevent a Ransomware Attack
Defending against ransomware attacks is similar to protecting against other types of cyberattacks. The main difference is that ransomware represents a far higher risk to organizations, so taking the proper precautions should be front of mind in securing your organization’s data and assets.
Invest in Employee Education
Cybersecurity is ultimately a human problem, and fostering internal awareness of how to identify a potential ransomware attack is a critical first line of defense for organizations. A threat can’t be avoided if it can’t be recognized, and educating your teams on how to identify potential cyber threats can significantly reduce the chances of an attack. Investing in ongoing cybersecurity training should be a priority for organizations that want to become more cyber resilient.
Implement Endpoint Protections
One of the most effective protections against ransomware and other types of malware is endpoint security, which involves securing endpoints and entry points for all enterprise devices within your organization. Protections like URL filtering and anti-phishing solutions can drastically reduce the chances of infection from common ransomware variants, and they should be deployed on all devices for all users within the organization.
Use a Strong Password Manager
Password security is essential to protecting your organization’s data, but many companies fail to implement proper password use and management across their teams. This simple line of defense can drastically reduce the chances of a ransomware attack or any other cyberattack, and organizations that prioritize a strong password management system will be more successful in preventing an attack.
Keep Reliable Offsite Backups
Organizations should ensure they regularly back up their data and that they have a recovery process in place. Since ransomware attackers often target on-site backups for encryption, ensuring all backups are maintained in a secure offline location is crucial.
Ransomware isn’t anything new, but the last year has revealed its establishment as a highly effective and lucrative attack method for criminals to exploit. Hopefully, the explosive increase and evolution of ransomware in recent years will serve to disrupt the widespread indifference to security issues historically seen across organizations of all industries.
Organizations who prioritize properly securing their data will be more successful in defending against an attack in 2023 and beyond. Something as simple as implementing an endpoint security solution across all enterprise devices will equip you to protect, detect and respond to cyberattacks as the threat landscape continues to evolve.