Ransomware statistics: 102 facts and trends you need to know


Use this overview of 102 ransomware statistics to learn about the latest ransomware attacks and how to better protect your personal devices and information.

Ransomware is a type of malware designed to encrypt, steal, and/or exploit sensitive data — that is, as the name  indicates, unless a target pays a ransom to the hacker.   

And despite the best efforts to maintain a sense of control when it comes to cybersecurity, these attacks indeed  happen. In fact, hackers used ransomware attacks to compromise more than 2,000 devices in 2021 alone.  

To that end, use this roundup of the latest ransomware statistics, trends, and facts for more insight into how  prevalent ransomware is and why you should protect yourself from it. That’s also where our protection tips come  in. Let’s get started.   

Must-know ransomware trends

The way cybercriminals use certain cyberattacks evolves over time. So, here are the latest ransomware trends you should know when it comes to how different types of hackers may use this emerging threat against you. 

Types of ransomware are diversifying

most reported ransomware strains

New ransomware strains are popping up more and more each day. However, hackers seemed to turn to a select  few when carrying out 2021’s attacks. Here are the ransomware strains reported most in 2021

  1. Ryuk
  2. SamSam
  3. Cerber
  4. GandCrab
  5. CryptoJoker 

And with each as dangerous as the next, you can never have too much information on what to expect from these potential threats.

Ransomware demands are increasing

Cybercriminals made sure to pair their use of new and different types of ransomware with a raise in payment  demands. According to recent reports, ransomware demands saw a 144% increase in 2021, with the ransomware  payouts averaging more than $6 million for victims in the U.S. 

Ransomware’s threat to mobile devices is spreading

Mobile devices have become a new target for current ransomware attacks. For example, more than 10 million  people lost money and had data exploited after being tricked by a ransomware scam targeting Android users.  

Ransomware as a Service is growing (RaaS)

The whole purpose behind ransomware is to make money — whether that's done legally or not. That’s why  hackers created Ransomware as a Service tools, helping them make more profit as other hackers carry out  widespread ransomware attacks.  

You could think of RaaS tools as a subscription service like Netflix or Hulu, but instead of having access to movies and TV shows, you get software that can decode and encrypt most vulnerable systems effortlessly. This provides  a steady stream of income for the RaaS owner and more successful ransomware attacks for the hacker.  

Key ransomware statistics

Ransomware attacks are more popular than ever — up 85% since 2020. Take a look at how hackers have been  using this ransomware to threaten your personal cybersecurity over the past couple of years. 

ransomware on the rise

1.  The FBI’s Internet Crime Complaint Center (IC3) received 3,729 complaints identified as ransomware in 2021.  (IC3, 2021) 

2.  Ransomware attacks increased 105% in 2021. (SonicWall, 2022)

3.  There are an estimated 4,000 ransomware attacks per day. (Theiia, 2022)

4.  Nearly 50% of businesses reported losses from a ransomware attack in 2021. (Cybereason, 2022)

5.  There was an 85% increase in ransomware attacks since 2020. (Palo Alto Networks, 2021)

6.  Reports expect there to be a ransomware attack every two seconds in 2022. (Cybersecurity Ventures, 2022) 

7.  Ransomware attacks saw a 13% increase over the past five years. (Verizon, 2022)

8.  73% of businesses claim to have been targeted by at least one ransomware attack over the past two years.  (Cybereason, 2022)

9.  The IC3 reported 2,084 ransomware complaints from January to July 31, 2021. (FBI, 2021)

10.  Ransomware attacks on businesses are up 33% since 2021. (Cybereason, 2022)

11.  Ransomware accounted for 10% of all cyberattacks in 2021. (Verizon, 2021)

12.  More than 70% of people fear falling victim to a ransomware attack. (SonicWall, 2022)

13.  80% of previous ransomware targets got hit with a second ransomware attack. (Cybereason, 2022)

14.  68% of previous ransomware targets saw a second attack within the first month for a higher ransom.
(Cybereason, 2022)

15.  There was an 82% increase in ransomware-related data leaks in 2021. (CrowdStrike, 2022)

The cost of ransomware attacks

A loss of nearly $400 million over the past two years is just one of the alarming statistics showcasing the impact of ransomware attacks on everyday people. Continue reading to learn a few more. 

16.  The highest ransom demanded from a victim reached $70 million in 2021. (Blackblaze, 2021)

17.  Victims paid $350 million in ransom in 2020. (Security and Technology, 2020)

18.  The average ransom payout for a business was more than $812,000 in 2021. (Sophos, 2022)

19.  The IC3 reported losses of more than $49.2 million to ransomware in 2021. (IC3, 2021)

20.  Ransomware targets only had about 65% of stolen data returned after paying their ransom. (Sophos, 2022)

21.  The highest ransom paid in 2021 was $3.2 million. (Backblaze, 2021)

22.  Nearly 30% of ransomware targets had less than 50% of their data restored. (Sophos, 2022)

23.  There was an 85% increase in victims who had personal information exposed on the dark web. (Palo  Alto, 2022)

24.  Less than 10% of ransomware victims got all of their files returned. (Sophos, 2022)

25.  The average ransom payout has risen by nearly 80% since 2021. (Palo Alto, 2022)

26.  It costs a business $1.85 million on average to recover from a ransomware attack. (Sophos, 2022)

27.  Ransomware gangs made more than $400 million in 2020. (Backblaze, 2021) 

28.  The most common payment made by ransomware victims was $10,000. (Sophos, 2022)

Headline-worthy ransomware attacks

The threat of ransomware became an all-too-real reality for many companies and internet users in 2021 — just  imagine waking up to a $70 million ransom note on your computer. Get a better picture of the magnitude by  poring over some of the latest ransomware attacks that caught people’s attention most.

29.  Colonial Pipeline suffered a ransomware attack that led them to handing more than $4.4 million to hackers  to restore stolen data. (Colonial Pipeline, 2021)

30.  Ransomware group DarkSide targeted the chemical distribution company Brenntag and demanded a payout  of $7.5 million in Bitcoin. (Brenntag, 2021)

31.  REvil ransomware group targeted Acer and demanded $50 million to return stolen files to the well-known  computer manufacturer. (Acer, 2021)

32.  Food processing company JBS Foods fell victim to a ransomware attack that forced them to pay $11 million to hackers. (JBS Foods, 2021)

33.  Ransomware group Babuk claimed to steal 500 GB of confidential data from the Houston Rockets, but failed  to convince the organization to pay their ransom. (National Basketball Association, 2021)

34.  15,000 devices were compromised when hacking group Evil Corp targeted CNA to steal private insurance information. (CNA, 2021)

35. Ransomware group REvil demanded $70 million from Kaseya after successfully breaching and encrypting confidential files. (Kaseya, 2021)

36.  A former Canadian government employee pled guilty to using NetWalker ransomware to steal more than $29 million from vulnerable internet users. (NetWalker, 2022)

37.  Conti ransomware was responsible for attacks that disrupted essential services for Costa Rican citizens. (Costa Rica, 2022)

38.  A school district in New Jersey reported a ransomware attack that compromised their district-wide computer  system. (Tenafly Public Schools, 2022)

39.  Macmillan publishing company shut down operations to prevent the spread of a ransomware attack on their  systems. (Macmillan, 2022)

Ransomware attacks by country 

The threat of ransomware is a global issue, with more than 300 million attacks worldwide in 2021. As such, several countries around the world are learning how to stay protected. 

ransomware targets around the world

40.  There were 304.7 million ransomware attacks globally in 2021. (SonicWall, 2021)

41.  The United States experienced the most ransomware attacks in 2021. (SonicWall, 2021)

42.  The United Kingdom had the second highest total ransomware attacks. (SonicWall, 2021)

43.  The average ransom payment in the U.S. in 2021 was more than $6.3 million. (Mimecast, 2021)

44.  Europe saw a 234% increase in ransomware attacks in 2021. (SonicWall, 2021)

45.  North America saw a 180% increase in ransomware attacks in 2021. (SonicWall, 2021)

46.  The United Kingdom experienced a 144% increase in ransomware attacks in 2021. (SonicWall, 2021)

47.  Asia saw a 59% increase in ransomware attacks in 2021. (SonicWall, 2021)

48.  India experienced almost 4 million ransomware attacks in 2021. (SonicWall, 2021)

Ransomware stats by industry

Similar to its spread around the world, ransomware trends are showing an increase of attacks targeting specific industries. Why? hackers know businesses dealing with larger amounts of private data may be willing to pay a pretty penny to protect it. 

Health care 

49.  Health care was the most targeted industry by ransomware in 2021. (IC3, 2021)

50.  66% of health care companies experienced a ransomware attack in 2021. (Sophos, 2022)

51.  34% of health care companies experienced a ransomware attack in 2020. (Sophos, 2021)

52.  61% of ransomware attacks resulted in hackers encrypting data to prevent access in 2021. (Sophos, 2022)

53.  99% of health care organizations got their stolen data restored in 2021. (Sophos, 2022)

54.  65% of health care organizations got their encrypted data restored after paying their ransom in 2021. (Sophos, 2022)

55.  The ransom payment rate for health care companies increased by 61% in 2021. (Sophos, 2022)

56.  The average ransom payment amount in the health care industry increased by 33% in 2021. (Sophos, 2022)

57.  The average ransom payout within the health care industry was $197,000 in 2021. (Sophos, 2022)

58.  The average cost to resolve a ransomware attack in the health care industry was $1.85 million in 2021. (Sophos, 2022)

59.  It takes about one week for a health care business to recover from a ransomware attack. (Sophos, 2022)

Higher Education

60.  64% of higher education institutions experienced a ransomware attack in 2021. (Sophos, 2022)

61.  70% of higher education institutions used data backups to recover stolen information in 2021. (Sophos, 2022)

62.  60% of higher education institutions had their data restored after paying their ransom in 2021. (Sophos, 2022)

63.  Ransomware attacks on higher education institutions increased by 28% in 2021. (Blackfrog, 2022)

Financial services and insurance

64.  Financial institutions reported 635 ransomware-related incidents in 2021. (Berkley Financial Specialists, 2022)

65.  Ransomware reports within the financial services industry increased by 30% in 2021. (Berkley Financial Specialists, 2022)

66.  Financial services institutions reportedly paid an estimated $590 million in ransom payouts in the first six months of 2021. (Berkley Financial Specialists, 2022)

67.  Financial services institutions reportedly paid an estimated $416 million in ransom payouts in 2020. (Berkley Financial Specialists, 2021)

68.  34% of financial services companies fell victim to ransomware in 2020. (Sophos, 2021)

69.  25% of financial services organizations paid the ransom to get theirdata back in 2020. (Sophos, 2022)

70. The average cost to recover from a ransomware attack in the financial services industry was $2.1 million in 2020. (Sophos, 2022)


1.  There were 79 individual ransomware attacks carried out on government organizations in 2020. (ICMA, 2021)

2.  Ransomware recovery costs totaled $18.88 billion for government organizations in 2020. (ICMA, 2021)

3.  Ransomware attacks against government customers rose 1,885% in 2021. (SonicWall, 2022)

Ransomware attacks by strain

Did you know certain ransomware strains are more active than others? If not, here are the ones that caused the most noise over the past couple years.

71.  511 ransomware attacks were carried out using ransomware strain Conti in 2021. (Palo Alto Networks, 2021)

72.  The average Sodinokibi ransom payout is $25,000. (Coveware, 2022)

73.  Ransomware strain Conti demands $50,000 to restore access to stolen data. (Palo Alto Networks, 2022)

74.  The average length of a Sodinokibi ransomware attack is 19 days. (Coveware, 2022)

75.  Conti made up nearly 10% of all ransomware attacks in 2021. (Trend Micro, 2022)

76.  The average ransom payment for Conti V2 is $110,000. (Coveware, 2022)

77.  LockBit made up 35.8% of ransomware attacks in 2021. (Trend Micro, 2022)

78.  The average length of a Conti V2 ransomware attack is 15 days. (Coveware, 2022)

79.  Ryuk was created by a hacking group known as Wizard Spider. (Trend Micro, 2022)

80.  406 ransomware attacks were carried out using ransomware strain LockBit 2.0 in 2021. (Palo Alto Networks, 2021)

81.  Ryuk had the highest ransom demand in 2019, totalling $12.5 million. (Trend Micro, 2022)

82.  Hackers using Ryuk netted an estimated revenue of $150 million in 2020. (Trend Micro, 2022)

Crypto ransomware statistics

Hackers learned to use cryptocurrency to try and keep ransom payouts untraceable. Here’s how it’s going for them. 

83.  Bitcoin accounted for about 98% of ransomware payments in 2019. (Coveware, 2020)

84.  Losses from crypto hacking rose by 79% in 2021. (Chainalysis, 2021)

85.  The world’s largest meat processing company paid $11 million in Bitcoin to resolve a ransomware attack. (NPR, 2021)

86.  Colonial Pipeline was able to receive $4.4 million worth of Bitcoin back once the FBI helped them recover from a ransomware attack. (NPR, 2021)

87.  Cybercriminals used ransomware efforts to secure more than $25 billion worth of cryptocurrency in 2021. (Chainalysis, 2022)

88.  Ransomware generated nearly $100 million worth of cryptocurrency in 2021. (CoinDesk, 2022) 

89.  Illegal cryptocurrency transactions rose by 79% in 2021.

90.  The Department of Justice successfully seized $3.6 billion worth of Bitcoin connected to a Bitfinex hack in 2016. (Chainalysis, 2022)

91.  There were 51.1 million cryptojacking hacks in the first half of 2021. (SonicWall, 2021)

92.  Cryptojacking saw a 23% increase in 2021. (SonicWall, 2021)

93.  Cryptojacking more than quadrupled in North America in 2020. (CrowdStrike, 2021)

94.  The Department of Justice seized more than $2.3 million worth of crypto from ransomware gang DarkSide. (Chainalysis, 2022)

95.  The value of cryptocurrency theft and hacking rose to $513 million in 2020. (Trading Platforms, 2022)

96.  The IRS seized more than $3.5 billion worth of crypto back from hackers in 2021. (Chainalysis, 2022)

97.  Roger Nils-Jonas Karlsson pled guilty to using ransomware to defraud more than 3,500 people out of $16 million worth of cryptocurrency (Yahoo Finance, 2021)

98.  Ransomware accounts for $30 million worth of stolen crypto in 2021. (Chainalysis, 2022) 

Ransomware projections and future trends

The future of ransomware isn’t set in stone. We can, however, make predictions based on how hackers are carrying out their cyberattacks.

99.  Annual ransomware damages are expected to reach $20 billion in 2022. (Cybersecurity Ventures, 2022)

100. Predictions estimate ransomware costing victims more than $265 billion annually by 2031. (Cybersecurity Ventures, 2022)

101. 30% of countries will enact legislation to regulate ransomware payments and negotiations by 2025. (Gartner, 2022)

102. Mobile devices will be increasingly used by hackers to deliver ransomware attacks in 2022 and beyond. (Security Boulevard, 2022

Ransomware attack protection tips 


the future of ransomware

At the end of the day, ransomware is much like any other cyberthreat — there are steps you can take to help  protect yourself. Here are a few tips for avoiding ransomware attacks and infection techniques:         

  • Beware of phishing and other suspicious emails often used to deliver ransomware.
  • Always keep operating systems and programs updated with the latest security features and settings. 
  • Never use unfamiliar USB sticks that could be hosting malicious software.
  • Look out for smishing texts sent to your phone that are often riddled with infected links. 
  • Use a VPN when using a public Wi-Fi connection.
  • Remember to back up data whenever possible. 
  • Protect personal information that could trace back to you. 
  • Never pay demanded ransoms, as there's no guarantee you’ll have your stolen information returned. 
  • Download antivirus software to detect and resolve threats if and/or when they arise.  

Making an effort to stay on top of the potential threats that could put your data and online privacy at risk is a responsible thing to do. Use these 102 ransomware statistics to better your understanding of how to stay safe online and the importance of prioritizing data security.

Ransomware statistics FAQs

Still have questions surrounding ransomware and the ransomware statistics presented here? We have answers.

Who invented ransomware?

Joseph L. Popp created the first reported version of ransomware known as the 1989 AIDS Trojan. 

Why is ransomware so popular? 

Hackers favor ransomware because of their ability to easily target victims with security patches and outdated operating systems.

How long does a ransomware attack take?

It could take a ransomware attack as little as 45 minutes to compromise a target. 

What percentage of cyberattacks are ransomware?

Ransomware accounted for 10% of all cyberattacks in 2021.

How many people actually pay ransomware?

According to a study by Thycotic, 83% of people felt like they had no other choice but to pay their ransom.

What is the largest ransomware payment made?

A payment of $40 million marked the largest ransom paid to reverse the effects of a ransomware attack. 

Clare Stouffer
  • Clare Stouffer
  • Gen employee
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.