100+ Ransomware Statistics You Should Know
Meeba Gracy
Sep 11, 2024
No matter how much you beef up your defenses, there’s always a bad actor out there eager to find that one overlooked weakness. Ransomware is one type of malware that threatens to destroy or lock up your critical data unless you cough up a ransom.
If you’re feeling overwhelmed after reading those dramatic headlines that flash every now and then on your screen, you’re not alone.
This article explains and reflects on the ever-present threat of ransomware. We’ve gathered some eye-opening statistics from 2023 and 2024 to give you a clearer picture.
Let’s dive in…
Lessons From Ransomware Statistics 2023
In 2023, the ransomware scene saw some major shifts. Attackers changed their tactics, forming new alliances and spreading RaaS strains. The ransomware scene was tough in 2023, with a 49% jump in victims reported by ransomware leak sites, totaling 3,998 posts from various groups.
They got faster and more aggressive, showing how much more efficient they’ve become.
Attack Methods and Trends
- Ransomware-as-a-Service (RaaS): Growing trend with multiple active operations.
- Frequency of Attacks: The number of attacks and ransom demands continues to rise, with some sectors experiencing repeated attacks within a short period after paying a ransom.
- Encryption and Data Compromise: A significant portion of attacks result in data encryption, with an increasing number of attempts to compromise backups during attacks.
- In 2024, 59% of organizations experienced ransomware attacks, slightly down from 66% in the previous two years.
- Cybersecurity Ventures predicts that global ransomware damage will grow by 30% annually over the next decade. By 2031, damages are expected to surpass $265 billion per year, with a new attack occurring every two seconds.
The State Of Ransomware Attacks: Top Ransomware Statistics 2024
- In 2024, about 90% of organizations got hit by ransomware, almost the same as in 2023, when it was 89%. However, more of them reported severe damage, including irretrievable data loss.
- A staggering 90% of organizations experienced ransomware attacks, and 75% paid the ransom but didn’t get their data back. That’s up 7% from 2023. This is especially bad for the finance, healthcare, and life sciences sectors, where paying without data recovery is even more common.
- A recent Trend Micro study of 145 healthcare organizations revealed that 57% have experienced a ransomware attack in the past three years. Additionally, 25% have had to halt operations due to these attacks, and 60% report that some attacks caused complete disruptions to their business processes.
- A solid 92% of organizations plan to increase their data protection budgets in 2024 to enhance cyber resilience against ransomware and other cyberattacks.
- 94% of organizations hit by ransomware reported that cybercriminals tried to compromise their backups during the attack.
- The 2024 Data Protection Trends Report reveals that only 25% of organizations believe they avoided ransomware in 2023. Meanwhile, 49% were hit 1-3 times, and 26% faced four or more attacks.
- Ransomware continues to be a growing concern for everyone in the IT industry. Gartner is globally forecasting a 3.5% planned increase in overall IT budgets for 2024.
- 97% of surveyed organizations relied on third parties during recovery, commonly involving security software vendors, backup software vendors, forensic security specialists, and resellers or service providers.
Significant Ransomware Statistics in 2023
- In 2023, there were 3,998 ransomware leak site posts, compared to 2,679 in 2022, marking a 49% increase.
- In 2023, a staggering 72.7% of businesses worldwide fell victim to ransomware attacks. This marked a significant increase from the previous three years, setting a new record high.
- The average ransom demand in 2023 was lower than in 2022, but this is likely an outlier. Ransom demands have probably stayed high, but it’s getting harder to track due to stricter privacy measures.
- According to the Verizon 2023 Data Breach Investigations Report (DBIR), ransomware was involved in 24% of all breaches.
- In the first half of 2023, 19% of all cyber insurance claims were related to ransomware, with the average loss hitting a record high of over $365,000.
- The FBI’s Internet Crime Complaint Center (IC3) reported 880,418 Internet crime complaints in 2023, with ransomware complaints surging by 18% to 2,825 cases.
- November 2023 saw the highest number of ransomware attacks with 89 incidents, followed by December and September with 70 attacks.
- Ransomware attacks rose to 68% in 2023, with the average ransom demand also climbing. After attacking Royal Mail, LockBit made the highest known demand of $80 million.
- Ransomware remained a major threat in 2023, driving over 72% of all cybersecurity attacks.
- Over 72% of businesses worldwide were impacted by ransomware attacks as of 2023.
- The number of active ransomware gangs jumped 34% in 2023, rising from 35 to 47. This surge is linked to the splitting of major ransomware groups after their encryptors were leaked on the dark web.
- On average, it takes 49 days to identify a ransomware attack, according to IBM.
- The overall percentage of ransomware attacks dropped slightly from 21% in 2021 to 17% in 2023.
- For the third year in a row, over half of organizations—62% in APJ—believe that a “significant improvement” or even a “complete overhaul” is needed to align their backup and cyber teams better.
- In the past year, 70% of ransomware attacks ended with data encryption. While this is still a significant number, it’s actually a bit lower than the 76% we saw in 2023.
- If 62% of your data was recoverable, then 38% wasn’t, leaving 18% of production data irrecoverable. The survey showed that organization size and location didn’t significantly impact attack or recoverability rates—everyone faced similar damage globally.
- In 2023, 67% of organizations paid their ransom using insurance. While most had a policy on whether to pay, opinions were split: 52% were in favor of paying, while 35% opposed it. Only 13% had no policy at all.
- Statista reports that there were over 317 million attempted ransomware attacks in 2023. Of these, between 4,500 and 5,000 were confirmed successful, though some experts estimate the true number may have been closer to 10,000.
- Medusa ransomware accounted for 5.5% of ransomware attacks in 2023.
Attacks by Industries
- In 2022, the education sector saw the highest volume of malware attacks, but things improved slightly in 2023 with a 3% drop.
- From 2022 to 2024, educational institutions have paid a median ransom of $6.6 million.
- Surprisingly, 67% of higher education organizations ended up paying more in ransom than what was initially demanded in 2023.
- Blackfog found that in 2022, education, government, and healthcare were the top three sectors hit hardest by ransomware attacks.
- Almost every organization (99%) that suffered an identity-related breach in the past year said it directly impacted their business.
- Data from Unit 42 shows that the manufacturing industry was the hardest hit by ransomware in 2023. Although ransomware affected organizations in over 120 countries, the U.S. was the biggest target, with 47% of ransomware leak site posts mentioning U.S.-based victims.
- Mid-sized companies were the most targeted, with 65% reporting a ransomware attack in the past year.
- Only 7% of organizations planned to significantly boost their investment in ransomware defense technologies for the coming year.
- In 2024, the healthcare sector saw a 7% increase in attack rates compared to the previous year.
- Malware targeting healthcare jumped by 20% in 2024.
- The healthcare sector saw a notable increase in attack frequency, rising from 60% in 2023 to 67% in 2024.
- Healthcare was one of the top infrastructure sectors hit by ransomware in 2023.
- Ransomware remains a major concern in the IT industry, with Gartner predicting a 3.5% global increase in IT budgets for 2024.
- In 2023, 39% of healthcare organizations ended up paying more than the ransom initially requested.
- 52% of businesses experienced significant system and operation disruptions due to ransomware attacks.
- 82% of data breaches involved cloud-based data, with ransomware being a leading cause.
- In 2023, 34% of government organizations reported ransomware attacks, according to Sophos.
- That’s a significant jump, with malware targeting government entities rising 38% since 2019, as noted by SonicWall.
- Looking ahead to 2024, the central and federal government sector is seeing a 68% attack rate, the highest among all industries, according to Sophos.
- Even in the distribution and transport sector, which had the lowest rate of attempted compromise, over 82% of targeted organizations said the attackers tried to access their backups.
- Bitcoin makes up around 98% of ransomware payments, but it’s becoming easier to track. As a result, privacy-focused cryptocurrencies like Monero may become more popular with cybercriminals.
Notable Incidents and Groups
- The Hive ransomware group, one of the most active in 2022, was taken down in a law enforcement operation in January 2023. This operation recovered the group’s decryption keys, saving victims over $130 million in potential ransom payments.
- In November 2023, the group HAYWIRE KITTEN, linked to IRGC contractor Emennet Pasargad, claimed to target CCTV systems at U.S. airports and threatened cyber-attacks against Israel. They also carried out hack-and-leak and DDoS operations.
- In February 2023, CrowdStrike Services responded to an incident involving Indrik Spider and Bitwise Spider’s LockBit RED ransomware. During this incident, Indrik Spider stole credentials from Azure Key Vault and even accessed ChatGPT while using the Azure Portal.
- The National Health Service (NHS) suffered a $100 million loss due to the WannaCry ransomware attack.
- In January 2023, Royal Mail was hit by a ransomware attack from the LockBit group. The attack halted international parcel deliveries and threatened to publish data if the LockBit group’s demands weren’t met.
- Even though Business Email Compromise (BEC) incidents (phishing) happen ten times more often than ransomware attacks, a ransomware incident is 15 times more likely to lead to a full-blown investigation.
- LockBit was the most notorious ransomware group in 2023, responsible for 19.2% of attacks that were reported.
- BlackCat followed closely, accounting for 18.4% of ransomware attacks.
- Ransomware-as-a-service (RaaS) is growing, with 67 active RaaS operations found in the first half of 2022.
- The ransomware group Play accounted for 4.6% of reported incidents in 2023.
- BlackCat and LockBit accounted for 38% of all reported ransomware attack variants in 2023.
- 8Base first made waves in 2022, but it really gained attention in late 2023. This ransomware group is known for its versatility, using a mix of tactics, techniques, and procedures (TTPs) to carry out attacks. They’re highly opportunistic, often seizing on newly disclosed vulnerabilities and deploying different types of ransomware, like Phobos, to maximize their impact.
- February 2023: A massive automated ransomware attack, ESXiArgs, exploited a vulnerability in VMware ESXi servers, leaving over 3,000 servers encrypted despite a patch being released in 2021.
- August 2024: Microchip Technology Incorporated discovered suspicious activity on its IT systems. After detecting the issue on August 17, the company immediately took action to assess the situation, contain the activity, and address any potential unauthorized access.
- March 2023: The Clop group, known for exploiting service vulnerabilities such as in the attacks on Accellion FTA and SolarWinds Serv-U in previous years, targeted a zero-day vulnerability in Fortra’s GoAnywhere MFT tool.
- April 2023: The ALPHV group (also known as BlackCat) attacked NCR, a major U.S. company dealing in ATMs and other retail banking equipment.
- May 2023: The City of Dallas was hit by a ransomware attack from the Royal group, affecting IT systems and communications, particularly within the Dallas Police Department.
- July 2023: The University of Hawaii admitted to paying a ransom to the NoEscape group after an attack on one of its departments during a series of high-profile ransomware incidents.
- August 2023: The healthcare sector came under fire, with the Rhysida ransomware group attacking Prospect Medical Holdings, which operates hospitals and clinics across several states.
- September 2023: The ALPHV/BlackCat group struck again, this time targeting two major U.S. hotel and casino chains, Caesars and MGM.
- November 2023: The LockBit group exploited the Citrix Bleed vulnerability, affecting over 10,000 servers despite patches being available a month earlier.
- December 2023: Law enforcement agencies, including the FBI and Europol, seized the ALPHV/BlackCat group’s infrastructure, marking a significant crackdown on ransomware activities.
- May 2022: A ransomware attack on Costa Rica’s government led to a state of emergency. The attackers demanded $20 million and warned, “We are determined to overthrow the government by means of a cyberattack.”
Costs and Economic Impact
- 94% of people said their company would pay a ransom to get their data back and resume business operations. Another 5% said they might, depending on the ransom amount.
- About 67% of companies will pay over $3 million to recover their data, and 35% will pay over $5 million.
- The largest ransom payments in 2023 ranged from $25,000 to $99,999, making up 44% of all payments.
- The average cost of a data breach in 2023 hit a record high of $4.45 million.
- For smaller organizations with fewer than 500 employees, the average cost of a data breach rose from $2.92 million to $3.31 million, which marked a 13.4% increase.
- While 91% of organizations have specific budgets for ransomware, only 61% allocate funds after an attack, possibly due to economic concerns or tighter budgets.
- Total ransomware payments went past $1 billion in 2023.
- In the second quarter of 2023, 34% of global organizations hit by ransomware ended up paying the ransom, a drop from 45% in the previous quarter.
- About 33% of organizations said they would consider paying a ransom on a case-by-case basis.
- By the fourth quarter of 2023, the proportion of ransomware victims who paid the ransom dropped to a record low of 29%.
- 38 organizations intend to keep their current spending on ransomware defense.
- 80% of businesses that paid the ransom faced another ransomware attack. Moreover, over two-thirds (68%) of companies experienced another attack within just a month after paying the ransom.
- In Q2 2023, the average ransom paid surged from about $328,000 in Q1 to over $740,000, more than doubling in the process.
- In the first six months of 2023, ransomware extortion totaled $176 million more than in all of 2022.
- Ransomware payments are often made with cryptocurrency because of its anonymity. Chainalysis found over $602 million in ransomware payments were made using cryptocurrencies.
- LockBit saw a 3.5% increase, while BlackCat experienced a significant surge of 5.4% in reported attack occurrences.
- The average ransom demand in 2023 surged to $1.54 million, nearly double the 2022 figure.
Geographic Impact
- In 2023, ransomware attacks in Asia soared to 17.5 million, marking a staggering 1,627% increase compared to 2019.
- A recent federal report highlighted by CNBC reveals that American banks completed $1.2 billion in ransomware transactions.
- In 2024, France led the way with the highest rate of ransomware attacks at 74%, according to Sophos.
- South Africa was close behind at 69%, with Italy reporting 68%.
- On the flip side, Brazil had the lowest attack rate at 44%, followed by Japan at 51% and Australia at 54%.
- Interestingly, nine countries actually saw a drop in attack rates compared to 2023.
| Country | Organizations Affected |
|---|---|
| India | 68% |
| Austria | 57% |
| United States | 51% |
| Israel | 49% |
| Turkey | 48% |
| Sweden | 47% |
| Belgium | 47% |
| Switzerland | 46% |
| Germany | 46% |
| Australia | 45% |
| Spain | 44% |
| Philippines | 42% |
| Canada | 39% |
| UAE | 38% |
| Brazil | 38% |
Source: Searchlogistics
Other Significant Ransomware Statistics
- 81% of organizations think they have insurance, but 32% of those policies exclude ransomware. Beyond prevention, detection, and recovery costs, other financial factors can also impact your organization during a ransomware attack.
- Cyber attackers often target your backups, leaving many unable to recover without paying. Only 16% of organizations recovered without paying, while 43% of backup repositories were compromised during attacks.
- 60% of survey respondents reported revenue loss, and 53% said their brands suffered significant damage due to ransomware attacks.
- The severity of ransomware incidents also spiked, increasing by 46% that year.
- Impressa, a major Portuguese media conglomerate that owns the country’s largest TV station, SIC TV, and the newspaper Expresso, was hit by a cyberattack from the hacker group Lapsus$. Over the New Year’s weekend, the attackers took control of critical server infrastructure, disrupting operations. As a result, both the TV station and the newspaper remained closed on the Tuesday after the first weekend of 2022.
Just a heads-up: Sprinto’s got a game-changing 360-degree controls monitoring feature that’s perfect for prepping, preventing, detecting, and responding to ransomware attacks. We blend top-notch technical know-how with a people-centered approach to make compliance easy to understand and manage. With a dedicated compliance expert and a support team available across time zones, Sprinto covers everything from risk assessment to audit advice. We’ve got your back every step of the way.
What’s Next?
While we might dream of a world without ransomware, the reality is that it’s here to stay. Ransomware is only going to get more advanced, especially with AI and deepfakes on the rise. Even with the best cybersecurity training, there’s always that one user who might click on a dangerous link.
To stay ahead, organizations need to focus on effectively securing their data. Implementing a GRC automation platform like Sprinto across all your devices can really boost your defenses. It helps you protect, detect, and respond to cyber threats, keeping you one step ahead as the threat environment doubles down.
Get on a call with us to understand how Sprinto can help you.