Ransomware statistics: 102 facts and trends you need to know in 2023
August 8, 2022
Ransomware is a type of malware designed to encrypt, steal, and/or exploit sensitive data — that is, as the name indicates, unless a target pays a ransom to the hacker.
And despite the best efforts to maintain a sense of control when it comes to cybersecurity, these attacks indeed happen. In fact, hackers used ransomware attacks to compromise more than 2,000 devices in 2021 alone.
To that end, use this roundup of the latest ransomware statistics, trends, and facts for more insight into how prevalent ransomware is and why you should protect yourself from it. That’s also where our protection tips come in. Let’s get started.
- Must-know ransomware trends for 2022
- Key ransomware statistics
- The cost of ransomware attacks
- Headline-worthy ransomware attacks
- Ransomware attacks by country
- Ransomware stats by industry
- Ransomware attacks by strain
- Crypto ransomware statistics
- Ransomware projections and future trends
Must-know ransomware trends for 2023
The way cybercriminals use certain cyberattacks evolves over time. So, here are the latest ransomware trends you should know when it comes to how different types of hackers may use this emerging threat against you.
Types of ransomware are diversifying
New ransomware strains are popping up more and more each day. However, hackers seemed to turn to a select few when carrying out 2021’s attacks. Here are the ransomware strains reported most in 2021.
And with each as dangerous as the next, you can never have too much information on what to expect from these potential threats.
Ransomware demands are increasing
Cybercriminals made sure to pair their use of new and different types of ransomware with a raise in payment demands. According to recent reports, ransomware demands saw a 144% increase in 2021, with the ransomware payouts averaging more than $6 million for victims in the U.S.
Ransomware’s threat to mobile devices is spreading
Mobile devices have become a new target for current ransomware attacks. For example, more than 10 million people lost money and had data exploited after being tricked by a ransomware scam targeting Android users.
Ransomware as a Service is growing (RaaS)
The whole purpose behind ransomware is to make money — whether that's done legally or not. That’s why hackers created Ransomware as a Service tools, helping them make more profit as other hackers carry out widespread ransomware attacks.
You could think of RaaS tools as a subscription service like Netflix or Hulu, but instead of having access to movies and TV shows, you get software that can decode and encrypt most vulnerable systems effortlessly. This provides a steady stream of income for the RaaS owner and more successful ransomware attacks for the hacker.
Key ransomware statistics
Ransomware attacks are more popular than ever — up 85% since 2020. Take a look at how hackers have been using this ransomware to threaten your personal cybersecurity over the past couple of years.
1. The FBI’s Internet Crime Complaint Center (IC3) received 3,729 complaints identified as ransomware in 2021. (IC3, 2021)
2. Ransomware attacks increased 105% in 2021. (SonicWall, 2022)
3. There are an estimated 4,000 ransomware attacks per day. (Theiia, 2022)
4. Nearly 50% of businesses reported losses from a ransomware attack in 2021. (Cybereason, 2022)
5. There was an 85% increase in ransomware attacks since 2020. (Palo Alto Networks, 2021)
6. Reports expect there to be a ransomware attack every two seconds in 2022. (Cybersecurity Ventures, 2022)
7. Ransomware attacks saw a 13% increase over the past five years. (Verizon, 2022)
8. 73% of businesses claim to have been targeted by at least one ransomware attack over the past two years. (Cybereason, 2022)
9. The IC3 reported 2,084 ransomware complaints from January to July 31, 2021. (FBI, 2021)
10. Ransomware attacks on businesses are up 33% since 2021. (Cybereason, 2022)
11. Ransomware accounted for 10% of all cyberattacks in 2021. (Verizon, 2021)
12. More than 70% of people fear falling victim to a ransomware attack. (SonicWall, 2022)
13. 80% of previous ransomware targets got hit with a second ransomware attack. (Cybereason, 2022)
14. 68% of previous ransomware targets saw a second attack within the first month for a higher ransom.
15. There was an 82% increase in ransomware-related data leaks in 2021. (CrowdStrike, 2022)
The cost of ransomware attacks
A loss of nearly $400 million over the past two years is just one of the alarming statistics showcasing the impact of ransomware attacks on everyday people. Continue reading to learn a few more.
16. The highest ransom demanded from a victim reached $70 million in 2021. (Blackblaze, 2021)
17. Victims paid $350 million in ransom in 2020. (Security and Technology, 2020)
18. The average ransom payout for a business was more than $812,000 in 2021. (Sophos, 2022)
19. The IC3 reported losses of more than $49.2 million to ransomware in 2021. (IC3, 2021)
20. Ransomware targets only had about 65% of stolen data returned after paying their ransom. (Sophos, 2022)
21. The highest ransom paid in 2021 was $3.2 million. (Backblaze, 2021)
22. Nearly 30% of ransomware targets had less than 50% of their data restored. (Sophos, 2022)
23. There was an 85% increase in victims who had personal information exposed on the dark web. (Palo Alto, 2022)
24. Less than 10% of ransomware victims got all of their files returned. (Sophos, 2022)
25. The average ransom payout has risen by nearly 80% since 2021. (Palo Alto, 2022)
26. It costs a business $1.85 million on average to recover from a ransomware attack. (Sophos, 2022)
27. Ransomware gangs made more than $400 million in 2020. (Backblaze, 2021)
28. The most common payment made by ransomware victims was $10,000. (Sophos, 2022)
Headline-worthy ransomware attacks
The threat of ransomware became an all-too-real reality for many companies and internet users in 2021 — just imagine waking up to a $70 million ransom note on your computer. Get a better picture of the magnitude by poring over some of the latest ransomware attacks that caught people’s attention most.
29. Colonial Pipeline suffered a ransomware attack that led them to handing more than $4.4 million to hackers to restore stolen data. (Colonial Pipeline, 2021)
30. Ransomware group DarkSide targeted the chemical distribution company Brenntag and demanded a payout of $7.5 million in Bitcoin. (Brenntag, 2021)
31. REvil ransomware group targeted Acer and demanded $50 million to return stolen files to the well-known computer manufacturer. (Acer, 2021)
32. Food processing company JBS Foods fell victim to a ransomware attack that forced them to pay $11 million to hackers. (JBS Foods, 2021)
33. Ransomware group Babuk claimed to steal 500 GB of confidential data from the Houston Rockets, but failed to convince the organization to pay their ransom. (National Basketball Association, 2021)
34. 15,000 devices were compromised when hacking group Evil Corp targeted CNA to steal private insurance information. (CNA, 2021)
35. Ransomware group REvil demanded $70 million from Kaseya after successfully breaching and encrypting confidential files. (Kaseya, 2021)
36. A former Canadian government employee pled guilty to using NetWalker ransomware to steal more than $29 million from vulnerable internet users. (NetWalker, 2022)
37. Conti ransomware was responsible for attacks that disrupted essential services for Costa Rican citizens. (Costa Rica, 2022)
38. A school district in New Jersey reported a ransomware attack that compromised their district-wide computer system. (Tenafly Public Schools, 2022)
39. Macmillan publishing company shut down operations to prevent the spread of a ransomware attack on their systems. (Macmillan, 2022)
Ransomware attacks by country
The threat of ransomware is a global issue, with more than 300 million attacks worldwide in 2021. As such, several countries around the world are learning how to stay protected.
40. There were 304.7 million ransomware attacks globally in 2021. (SonicWall, 2021)
41. The United States experienced the most ransomware attacks in 2021. (SonicWall, 2021)
42. The United Kingdom had the second highest total ransomware attacks. (SonicWall, 2021)
43. The average ransom payment in the U.S. in 2021 was more than $6.3 million. (Mimecast, 2021)
44. Europe saw a 234% increase in ransomware attacks in 2021. (SonicWall, 2021)
45. North America saw a 180% increase in ransomware attacks in 2021. (SonicWall, 2021)
46. The United Kingdom experienced a 144% increase in ransomware attacks in 2021. (SonicWall, 2021)
47. Asia saw a 59% increase in ransomware attacks in 2021. (SonicWall, 2021)
48. India experienced almost 4 million ransomware attacks in 2021. (SonicWall, 2021)
Ransomware stats by industry
Similar to its spread around the world, ransomware trends are showing an increase of attacks targeting specific industries. Why? hackers know businesses dealing with larger amounts of private data may be willing to pay a pretty penny to protect it.
49. Health care was the most targeted industry by ransomware in 2021. (IC3, 2021)
50. 66% of health care companies experienced a ransomware attack in 2021. (Sophos, 2022)
51. 34% of health care companies experienced a ransomware attack in 2020. (Sophos, 2021)
52. 61% of ransomware attacks resulted in hackers encrypting data to prevent access in 2021. (Sophos, 2022)
53. 99% of health care organizations got their stolen data restored in 2021. (Sophos, 2022)
54. 65% of health care organizations got their encrypted data restored after paying their ransom in 2021. (Sophos, 2022)
55. The ransom payment rate for health care companies increased by 61% in 2021. (Sophos, 2022)
56. The average ransom payment amount in the health care industry increased by 33% in 2021. (Sophos, 2022)
57. The average ransom payout within the health care industry was $197,000 in 2021. (Sophos, 2022)
58. The average cost to resolve a ransomware attack in the health care industry was $1.85 million in 2021. (Sophos, 2022)
59. It takes about one week for a health care business to recover from a ransomware attack. (Sophos, 2022)
60. 64% of higher education institutions experienced a ransomware attack in 2021. (Sophos, 2022)
61. 70% of higher education institutions used data backups to recover stolen information in 2021. (Sophos, 2022)
62. 60% of higher education institutions had their data restored after paying their ransom in 2021. (Sophos, 2022)
63. Ransomware attacks on higher education institutions increased by 28% in 2021. (Blackfrog, 2022)
Financial services and insurance
64. Financial institutions reported 635 ransomware-related incidents in 2021. (Berkley Financial Specialists, 2022)
65. Ransomware reports within the financial services industry increased by 30% in 2021. (Berkley Financial Specialists, 2022)
66. Financial services institutions reportedly paid an estimated $590 million in ransom payouts in the first six months of 2021. (Berkley Financial Specialists, 2022)
67. Financial services institutions reportedly paid an estimated $416 million in ransom payouts in 2020. (Berkley Financial Specialists, 2021)
68. 34% of financial services companies fell victim to ransomware in 2020. (Sophos, 2021)
69. 25% of financial services organizations paid the ransom to get theirdata back in 2020. (Sophos, 2022)
70. The average cost to recover from a ransomware attack in the financial services industry was $2.1 million in 2020. (Sophos, 2022)
1. There were 79 individual ransomware attacks carried out on government organizations in 2020. (ICMA, 2021)
2. Ransomware recovery costs totaled $18.88 billion for government organizations in 2020. (ICMA, 2021)
3. Ransomware attacks against government customers rose 1,885% in 2021. (SonicWall, 2022)
Ransomware attacks by strain
Did you know certain ransomware strains are more active than others? If not, here are the ones that caused the most noise over the past couple years.
71. 511 ransomware attacks were carried out using ransomware strain Conti in 2021. (Palo Alto Networks, 2021)
72. The average Sodinokibi ransom payout is $25,000. (Coveware, 2022)
73. Ransomware strain Conti demands $50,000 to restore access to stolen data. (Palo Alto Networks, 2022)
74. The average length of a Sodinokibi ransomware attack is 19 days. (Coveware, 2022)
75. Conti made up nearly 10% of all ransomware attacks in 2021. (Trend Micro, 2022)
76. The average ransom payment for Conti V2 is $110,000. (Coveware, 2022)
77. LockBit made up 35.8% of ransomware attacks in 2021. (Trend Micro, 2022)
78. The average length of a Conti V2 ransomware attack is 15 days. (Coveware, 2022)
79. Ryuk was created by a hacking group known as Wizard Spider. (Trend Micro, 2022)
80. 406 ransomware attacks were carried out using ransomware strain LockBit 2.0 in 2021. (Palo Alto Networks, 2021)
81. Ryuk had the highest ransom demand in 2019, totalling $12.5 million. (Trend Micro, 2022)
82. Hackers using Ryuk netted an estimated revenue of $150 million in 2020. (Trend Micro, 2022)
Crypto ransomware statistics
Hackers learned to use cryptocurrency to try and keep ransom payouts untraceable. Here’s how it’s going for them.
83. Bitcoin accounted for about 98% of ransomware payments in 2019. (Coveware, 2020)
84. Losses from crypto hacking rose by 79% in 2021. (Chainalysis, 2021)
85. The world’s largest meat processing company paid $11 million in Bitcoin to resolve a ransomware attack. (NPR, 2021)
86. Colonial Pipeline was able to receive $4.4 million worth of Bitcoin back once the FBI helped them recover from a ransomware attack. (NPR, 2021)
87. Cybercriminals used ransomware efforts to secure more than $25 billion worth of cryptocurrency in 2021. (Chainalysis, 2022)
88. Ransomware generated nearly $100 million worth of cryptocurrency in 2021. (CoinDesk, 2022)
89. Illegal cryptocurrency transactions rose by 79% in 2021.
90. The Department of Justice successfully seized $3.6 billion worth of Bitcoin connected to a Bitfinex hack in 2016. (Chainalysis, 2022)
91. There were 51.1 million cryptojacking hacks in the first half of 2021. (SonicWall, 2021)
92. Cryptojacking saw a 23% increase in 2021. (SonicWall, 2021)
93. Cryptojacking more than quadrupled in North America in 2020. (CrowdStrike, 2021)
94. The Department of Justice seized more than $2.3 million worth of crypto from ransomware gang DarkSide. (Chainalysis, 2022)
95. The value of cryptocurrency theft and hacking rose to $513 million in 2020. (Trading Platforms, 2022)
96. The IRS seized more than $3.5 billion worth of crypto back from hackers in 2021. (Chainalysis, 2022)
97. Roger Nils-Jonas Karlsson pled guilty to using ransomware to defraud more than 3,500 people out of $16 million worth of cryptocurrency (Yahoo Finance, 2021)
98. Ransomware accounts for $30 million worth of stolen crypto in 2021. (Chainalysis, 2022)
Ransomware projections and future trends
The future of ransomware isn’t set in stone. We can, however, make predictions based on how hackers are carrying out their cyberattacks.
99. Annual ransomware damages are expected to reach $20 billion in 2022. (Cybersecurity Ventures, 2022)
100. Predictions estimate ransomware costing victims more than $265 billion annually by 2031. (Cybersecurity Ventures, 2022)
101. 30% of countries will enact legislation to regulate ransomware payments and negotiations by 2025. (Gartner, 2022)
102. Mobile devices will be increasingly used by hackers to deliver ransomware attacks in 2022 and beyond. (Security Boulevard, 2022
Ransomware attack protection tips
At the end of the day, ransomware is much like any other cyberthreat — there are steps you can take to help protect yourself. Here are a few tips for avoiding ransomware attacks and infection techniques:
- Beware of phishing and other suspicious emails often used to deliver ransomware.
- Always keep operating systems and programs updated with the latest security features and settings.
- Never use unfamiliar USB sticks that could be hosting malicious software.
- Look out for smishing texts sent to your phone that are often riddled with infected links.
- Use a VPN when using a public Wi-Fi connection.
- Remember to back up data whenever possible.
- Protect personal information that could trace back to you.
- Never pay demanded ransoms, as there's no guarantee you’ll have your stolen information returned.
- Download antivirus software to detect and resolve threats if and/or when they arise.
Making an effort to stay on top of the potential threats that could put your data and online privacy at risk is a responsible thing to do. Use these 102 ransomware statistics to better your understanding of how to stay safe online and the importance of prioritizing data security.
Ransomware statistics FAQs
Still have questions surrounding ransomware and the ransomware statistics presented here? We have answers.
Who invented ransomware?
Joseph L. Popp created the first reported version of ransomware known as the 1989 AIDS Trojan.
Why is ransomware so popular?
Hackers favor ransomware because of their ability to easily target victims with security patches and outdated operating systems.
How long does a ransomware attack take?
It could take a ransomware attack as little as 45 minutes to compromise a target.
What percentage of cyberattacks are ransomware?
Ransomware accounted for 10% of all cyberattacks in 2021.
How many people actually pay ransomware?
According to a study by Thycotic, 83% of people felt like they had no other choice but to pay their ransom.
What is the largest ransomware payment made?
A payment of $40 million marked the largest ransom paid to reverse the effects of a ransomware attack.
Norton™ 360 for Mobile
Powerful protection for your mobile device and online privacy – plus Dark Web Monitoring Powered by LifeLock™.
It’s more important than ever to make sure your mobile devices are secure and your personal information stays private. Norton 360 for Mobile helps deliver powerful, proactive protection for your device and personal information against stealthy cyberthreats and online scams.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.