Share on:

October is a month to tell scary stories. It’s also Cybersecurity Awareness Month. And there’s no better intersection of those two concepts than ransomware.

This year in particular has seen a massive spike in major, high-profile ransomware attacks. At the very least, this spike has put ransomware in the limelight and has led businesses to prioritize cybersecurity. 

In honor of Cybersecurity Awareness Month, let’s take a look at 31 ransomware statistics.

How Prevalent is Ransomware?

It shouldn’t be a surprise that ransomware is a common occurrence in 2022. One of the major drivers of this prevalence is the growing ransomware-as-a-service market, an underground market in which ransomware developers outsource their operations to affiliates who then execute the attack. Ransomware affiliates don’t need to have as much technical expertise, which significantly lowers the barriers to entry.

1.A ransomware attack occurs every 11 seconds (Cybersecurity Ventures)

2. Ryuk was the most common variant of ransomware in 2021, with 93.9 million instances in the first half of the year (Sonicwall

3. Ransomware accounts for 69% of all malware attacks (Positive Technologies

The Cost of Ransomware

The cost of ransomware isn’t as cut and dried as you might think; it doesn’t stop at the price of ransom. To calculate the total cost of an attack on a business, you need to take into account a variety of factors, such as damage to reputation, lost revenue due to downtime, remediation costs, and more.

4. The average cost to remediate a ransomware attack doubled in one year – from $761,106 in 2020 to $1.85 million in 2021. (Sophos)

5. In 2020, 32% of ransomware victims needed to pay the criminals to decrypt their data, which was a 23% increase compared to the previous year (Sophos).

6. The average ransom payment in Q1 2021 was $220,298, which was 43% higher than the previous quarter (Coveware

7. Ransomware results in an average of 23 days of downtime (Coveware)

8. The record for largest paid ransom was $40 million, paid by an insurance company called CNA Financial (Business Insider)

How Does Ransomware Happen?

Some ransomware attacks are a long con; attackers work on a ransomware project for weeks or even months, moving slowly throughout the network. Newer ransomware attacks can take as little as 12 hours. No matter what, it’s important to be familiar with common vectors and techniques that ransomware actors use to gain access to a system, as well as the warning signs that a threat actor may be jiggling the doorknobs of your environment.

9. The most common attack vector for ransomware was RDP compromise (Coveware)

10. 91% of cyberattacks begin with a spear phishing campaign (KnowBe4)

11. Windows users are the target of 85% of ransomware attacks. (PurpleSec)

12. The number of RDP ports exposed to the internet has grown quickly, from roughly 3 million in January 2020 to more than 4.5 million in March 2020 (McAfee)

Ransomware in SMBs

Small to medium-sized businesses are a common target for ransomware attackers because they often struggle to defend against outbreaks due to lack of resources, no security expertise, and little time for dedicated investigation and response. SMBs often mistakenly believe that they are too small of a target for ransomware actors; the reality is that ransomware gangs often target companies with low barriers to entry. 

Get Your Free Ransomware Prevention Guide for SMBs

13. Over 73% of ransomware victims have 1,000 employees or less (Coveware)

14. 46% of all small businesses have been the victim of a ransomware attack (Dark Reading)

15. 25% of SMBs have no plans in place to mitigate ransomware attacks (CSO Online)

16. 60% of small businesses fail within six months of a ransomware attack (CSO Online)

17. Only 29% of small businesses had experience with ransomware, making them more likely to be unprepared for the threat. (PurpleSec)

18. Of the SMBs that paid the ransom, 17% only recovered some of the company data. (Dark Reading)

19. 20% of SMB leaders say they don’t have a data backup or data recovery solution in place (Infrascale)

Ransomware in Education

Limited budgets and staffing means that the educational sector has always been an attractive target for cybercriminals, but recent circumstances (namely the COVID-19 pandemic) have worsened the issue.

20. Ransomware attacks against universities increased by 100% between 2019 and 2020. (BlueVoyant, 2021)

21. The education sector was the least prepared of any sector to deal with cyberattacks (Security Scorecard)

22. 1,681 schools, colleges and universities were victims of ransomware in 2020 (Emsisoft)

Ransomware in Healthcare

Healthcare organizations are a prime target for cybercrime, especially during 2020 as overloaded hospitals postponed technology upgrades and training as they put out fires brought on by the pandemic. The consequences of ransomware on a healthcare organization isn’t simply lost revenue — it can also be human life.

23. 34% of healthcare organizations were hit by ransomware in the last year. (HHS)

24. Ransomware and data breaches were linked to an increase in fatal heart attacks (PBS)

25. 50% of IT professionals in healthcare believe their industry isn’t ready to handle the threat of ransomware or other cyber security threats. (PurpleSec)

26. Data breaches in the healthcare increased by 58% in 2020 (Verizon)

Ransomware in Government

With budgets and IT teams both stretched thin, city and county municipalities must still stay ahead of cyberattacks to prevent disruptions to critical infrastructure. When a cybersecurity incident hits a state or local government agency, it can affect medical treatment, leak citizen and police data, and violate compliance regulations.

27. The most targeted sector in 2021 was government (Sonicwall

28. Local government is the sector where organizations are most likely to have their data encrypted in a ransomware attack (69%) (Sophos)

29. Only around 38% of local and state government employees are trained in ransomware attack prevention. (IBM, 2020)

The Future of Ransomware

Unfortunately, it appears ransomware is here to stay — and IT teams need to be armed with ransomware prevention tactics. A lot of organizations aren’t sure where to start, or what best security practices are foundational to ensure good security hygiene and help reduce overall the risk of ransomware infection.

30. The global damage of ransomware market is predicted to reach $250 billion by 2031 (Cybersecurity Ventures)

31. Cybercrime damages will reach $6 trillion annually; this is more profit than the global market of all major illegal drugs (Cybersecurity Ventures)

How Blumira Can Help Prevent Ransomware

While there’s no solution that can prevent ransomware alone, a variety of different security practices and layers of security can help you prevent a ransomware attack. At the core of your ransomware prevention strategy, you’ll need an automated way to gain complete visibility of your entire environment, identify indicators of an attack in progress and quickly respond to threats.

To enable you to do that, Blumira offers an all-in-one solution that all organizations can leverage, no matter what size of team or level of security expertise. Blumira’s platform enables you to easily detect and respond to threats to prevent a ransomware attack and data breach.

Get your free Blumira account to see how you can prevent ransomware.

Security news and stories right to your inbox!