Ransomware Statistics, Trends and Facts for 2021 and Beyond

Ransomware attacks are growing in size and frequency, threatening businesses around the world. Read this article about ransomware statistics, trends and facts to stay informed about the threat.

Aleksandar Kochovski
By Aleksandar Kochovski (Editor)
— Last Updated: 2021-09-29T13:06:19+00:00

Ransomware has taken quite a swing in recent years. It has grown at an alarming rate to become a threat to thousands of businesses and organizations worldwide. In this article, we will lay out some ransomware statistics so that you know exactly what you’re up against when making a ransomware protection plan for your business.

ransomware statistics by the numbers
Ransomware statistics by the numbers.
  • 07/28/2021

    Cloudwards.net updated and double checked this statistics article for accuracy, as well as added new images.

5 Key Ransomware Statistics:

  1. Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.8, 11
  2. In 2021, 37 percent of all businesses and organizations were hit by ransomware.9
  3. Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.9
  4. Out of all ransomware victims, 32 percent pay the ransom, but they only get 65 percent of their data back.9
  5. Only 57 percent of businesses are successful in recovering their data using a backup.9

Ransomware Facts

Ransomware attacks can be scary, especially for small businesses that can’t afford to pay a ransom for their data. That’s why it’s important to stay informed about what ransomware is, how it works and the types of ransomware there are.

ransomware bug
Ransomware infects your device, locks you out and asks you to pay a ransom.

What Is Ransomware?

Ransomware is a type of malware that can either encrypt all of your data or lock you out of your computer. Once the ransomware has infected your computer, it will ask you to pay a ransom — usually in cryptocurrency — in exchange for decrypting your data or unlocking your computer. You can find out more of a ransomware definition by reading our article on what ransomware is.

Types of Ransomware Attacks

There is more than one type of ransomware, and with new ransomware threats constantly appearing it can be hard to keep track of them all. According to recent ransomware statistics from cybersecurity firm Coveware,10 these are the most widely reported ransomware families in quarter one of 2021.

  1. Sodinokibi (REvil)14.2%
  2. Conti V2 10.2%
  3. Lockbit7.5%

Percentage of the Top 10 Types of Reported Ransomware

Ransomware as a Service

You wouldn’t expect hackers and cybercriminals to have affiliate deals, but here we are. Ransomware as a service (or RaaS) is a variation on the software-as-a-service (SaaS) business model, where a ransomware group licenses out their ransomware program for use by another party or affiliate.

The ransomware gangs that license out their malware usually take the lion’s share of the ransom payment. However, some prolific ransomware groups, like the Netwalker group, sometimes take as little as 20 percent of the earnings, with affiliates getting 80 percent of the ransom.

ransomware locked out
Ransomware is becoming more targeted and more sophisticated.

Ransomware Demands Keep Rising

The year 2020 saw a rise in the ransom demanded by hackers, which increased by 60 percent since the start of the year to $178,000 on average.1 In 2021, the average ransom demand reached $220,298 — up 43 percent compared to 2020.

Although this is concerning to say the least, even more shocking was 2019’s explosive growth in ransomware demand amounts. In 2019, the average ransom demand grew 14 times, up from $6,000 in 2018 to $84,000 by the end of the year.2

Ransomware Attacks Less Frequent, But More Effective

Although 2019 saw a sharp increase in cyberattacks and ransomware incidents,2 the number of ransomware attacks has decreased in 2020,3 and dipped even further in 2021.9

This shows a shift in the ransomware landscape from previous years to more sophisticated methods of attack. Recent cybersecurity attacks take a more targeted approach, rather than the spray-and-pray tactics of past years.

Ransomware Phishing Email Attacks Take a Plunge

By the end of 2019, phishing emails were seeing a sharp decline, but in 2020 hackers have exploited the COVID-19 pandemic by sending COVID-related phishing emails. Server vulnerability exploits remain the most common ransomware attack vector and are on the rise, despite taking a dip in 2019.1

Data Leak Threats on the Rise

Once a ransomware data breach occurs, a company’s data is at the mercy of hackers, but a company can easily get its data back using a backup (if backup software was installed before the attack). However, hackers have gotten wise to this, and they’ve adapted their methods by including a threat to not only encrypt stolen data, but leak it to competitors or sell it on the black market.

In 2021, an entire 77 percent of ransomware attacks included a data leak threat, which is 10 percent higher than last year.10

High-Profile Ransomware Attacks in 2021

The world has continued to see high-profile ransom attacks in 2021, including an attack by the REvil ransomware group on the JBS meatpacking corporation, as well as a ransomware attack by DarkSide on U.S. Colonial Pipeline in May.

Colonial Pipeline delivers 45 percent of all the fuel to the U.S. Eastern Seaboard, and the weeklong ransomware attack caused public havoc with gas shortages on the East coast. Colonial Pipeline confirmed that it paid $4.4 million in bitcoin to end the double-extortion ransomware attack, but it worked with the FBI and managed to recover $2.3 million.

The Colonial Pipeline attack largely turned “ransomware attacks” into a household term in the United States and prompted the U.S. Department of Homeland Security to issue its first cybersecurity regulations for the pipeline industry.

Additionally, the string of destructive ransomware attacks in 2021 has spurred the U.S. Justice Department to elevate ransomware investigations to the same level as terrorism probes. We expect to see more destructive ransomware news in the near future.

The Projected Cost of Cybercrime in 2021

Malware attacks have caused quite a bit of damage, and not just in money paid to ransomware attacks. So, what will the projected cost of cybercrime be in 2021?

Judging by current reported cybersecurity statistics, the total damages caused by malware, including downtime costs, recovery time and lost revenue are expected to reach over $6 trillion by 2021.

Cybersecurity Ventures 2019 Official Annual Cybercrime Report Tweet This

The first half of 2021 has already seen a 102 percent increase in cybercrime over last year, and the number of global organizations that have been impacted by ransomware has more than doubled since 2020.

25 Ransomware Statistics 2021

The following statistics on cybersecurity will provide you with better insight into the potential cybersecurity threats to your business. These 2021 ransomware statistics include the risk of a potential ransomware attack, the cost of ransomware incidents to businesses both large and small and the consequences of attacks on healthcare organizations and the like.

Cost of Ransomware Statistics

ransomware cost
The cost of worldwide ransomware damages is expected to reach $265 billion by 2031.

1. How Many Businesses Are Affected by Ransomware?

According to a study by security firm Sophos,3 51 percent of all surveyed businesses were hit by ransomware in 2020, though the number of cases dropped to 37 percent in 2021.9 This number varies with the size of the company, with larger companies being more at risk.

However, it’s safe to say that any business that uses a computer system is at risk. On the other hand, individuals should be less concerned with ransomware because it usually targets businesses, though attacks on individuals do happen.

2. What Is the Global Cost of Ransomware?

Ransomware costs businesses billions of dollars each year. By the end of 2019, cybercriminals using ransomware had made off with a reported $11.5 billion in ransom payments. That number already reached $20 billion in 2021.8

3. How Much Will Ransomware Cost Organizations in the Future?

Things aren’t looking too bright in the future. If ransomware attacks keep growing in scale like they have so far, the total cost of ransomware damages around the world is expected to reach a jaw-dropping $265 billion in 2031.11

The Cost of Ransomware for Businesses (in Billions)

4. How Much Does It Cost to Recover From a Ransomware Attack?

A ransomware attack can cause a lot of trouble for a company, and the ransom isn’t the only cost it incurs. Downtime, lost opportunities, ransomware removal and recovery expenses can quickly add up. The average cost of a ransomware attack in 2021 is $1.85 million, which is almost twice what it was the previous year.9

5. What Is the Average Cost of Ransomware Downtime?

Costs due to downtime in the period following a ransomware attack, including things like lost opportunities and reduced production or operating efficiency, can be as great as the ransom paid. In 2020, the average downtime cost totaled $283,000. That’s an almost 100-percent increase from 2019, which saw downtime costs of $141,000 on average.7

6. Does Insurance Cover Ransomware?

Even if your business is hit by ransomware, you might not have to pay the full ransom out of pocket if your company is insured against cybercrime. However, you need to make sure that your cybercrime insurance covers ransomware attacks. For organizations that are covered, 94 percent are reimbursed for the ransom by their insurance company.3

Ransomware Payment Statistics

payments ransomware virus
In 2021, ransomware attackers REvil demanded $50 million from computer manufacturer Acer.

7. What Is the Average Ransomware Payment Demand in 2021?

As we briefly mentioned, the average ransom demand has soared to over $220,298 in 2021.10 This seemingly large number is mostly because of the huge ransoms that large organizations can afford to pay. Although extreme outliers usually don’t count toward averages, there are enough high-profile ransomware cases to make a big difference.

8. What Is the Average Ransomware Demand for Small Businesses?

If you own a small company, don’t worry. Those high ransom numbers are the average, but they’re far from what a smaller business normally pays. The average ransom for a small business is only $5,900.4

9. What Is the Highest Ransom Payment Demand in History?

The year 2021 saw the largest ransom demand ever made, following a successful attack on computer manufacturer Acer. Ransomware attackers REvil demanded $50 million from the computing giant, though it remains unclear whether the cyber ransom was paid or not.12

10. What Percentage of Ransomware Victims Pay the Ransom?

If you think your business can’t afford to pay ransomware groups to decrypt its data, you’re not alone. A recent cybersecurity study also found that just under a third of ransomware victims made payments to hackers.9 Luckily, there are other ways of recovering lost data, as you’ll see below.

11. Should You Always Pay the Ransom?

You might be surprised to learn that, even though an organization pays the ransom and gets its files back, the cost to recover is still greater than simply not paying up. The average cost to recover from a ransomware attack in 2020 was $1,450,000 for organizations that paid the ransom, while those that didn’t pay spent only $732,000 to recover from the attack.3

12. How Often Do Ransomware Victims Recover Their Data?

A reported 57 percent of businesses hit by ransomware recovered their data by using a backup. An additional 8 percent used other means to recover their data. Combined with the 32 percent that actually paid the ransom, this gives us a 97-percent data recovery rate9 — an encouraging number, to be sure.

How Companies Recover Data After a Ransomware Attack

13. Do Ransomware Victims Get All of Their Data Back After Paying?

Unfortunately, even those that pay to get their data back don’t get all of it. Sometimes files will get corrupted and data might be lost. In fact, on average, victims of ransomware only recover around 65 percent of stolen data after paying the ransom,9 mostly due to technical faults in the ransomware itself.10

14. How Much Does a Ransomware-as-a-Service Kit Cost?

Despite all the possible profit from extorting companies and organizations for ransom, some ransomware groups choose to simply create ransomware programs and sell them on the dark web. Some go for a pretty penny, but ransomware kits can be purchased for under $50. Some groups even take a percentage of their clients’ ransomware revenue.

Ransomware Attack Statistics

ransomware attack stats
A company is hit by ransomware every 11 seconds in 2021.

15. How Often Is a Company Hit by Ransomware?

Ransomware attacks have become so common that it’s no longer a matter of how many cyberattacks happen per day — that metric is now measured in seconds. A new company was affected by ransomware every 14 seconds in 2019. By 2021, a company will be hit by ransomware every 11 seconds.8

16. How Often Are Small Businesses Hit by Ransomware?

Although the average mom-and-pop store doesn’t have to worry too much about ransomware attacks, small companies are frequent ransomware targets. Of all ransomware attacks on enterprises in 2020, 55 percent hit businesses with fewer than 100 employees, while an entire 75 percent of attacks were on companies making less than $50 million in revenue.1

17. How Many Ransomware Attacks Are Successful?

In 2021, 54 percent of all ransomware attacks were successful.9 However, 39 percent of attacks were intercepted before they could encrypt any data. This means that anti-ransomware software, like what Acronis Cyber Protect Home Office uses, is stopping a significant number of attacks.

18. Where Do Most Ransomware Attacks Occur?

According to Blackfrog,12 which tracks publicized ransomware attacks as they happen, most attacks happen to entities based in the United States. Keep in mind that these are only high-profile cases being tracked. Taking into account nonpublic attacks, most attacks seem to occur in India.9

Percentage of Organizations Hit by Ransomware

By Country in 20209

19. Where Do Most Ransomware Attacks Come From?

Most ransomware isn’t spread by an individual; rather, certain malicious groups develop, refine and distribute the ransomware software. According to the Microsoft Digital Defense Report, a full half of these groups come from Russia. Iran, China and North Korea are other common hotbeds for ransomware groups, with the United States being the most common target.

20. How Does Ransomware Spread Most Commonly?

The three most common ways ransomware spreads are ransomware emails, software vulnerabilities and server weakness exploits.1 Because smaller businesses rarely have adequate protection in place, server exploits are most commonly used to infect them. As businesses increase in size, phishing emails become the most effective method of attack.

21. What Are the Most Common Malicious File Types?

Ransomware phishing emails will often contain an infected file. Although most people should know not to run an unverified .EXE file, seemingly innocuous file types have become the most commonly used in phishing emails. According to Symantec, the company behind Norton Security, the most common ransomware file extensions are .DOC and .DOT, the extensions for a Microsoft Word document.

22. What Are the Most Common Ransomware Attack Targets?

The most common ransomware targets in 2021 were in the education and retail sectors. Statistics on ransomware have shown that 44 percent of education institutions were hit by ransomware in 2021, and the same percentage goes for retail organizations. Distribution and transport is the sector with the fewest reported attacks, at only 25 percent.

Top Targets of Ransomware Attacks in 2021, by Percentage

23. What Sector Is the Hardest Hit By Ransomware?

Astonishing though it may sound, local government bodies are ill prepared for ransomware attacks. In fact, an entire 69 percent of ransomware attacks on local government institutions are effective at encrypting data, 15 percent higher than the average.9 Again, distribution and transport is the sector most capable of stopping an attack, with 48 percent of attacks prevented.

24. How Long Does a Ransomware Attack Take?

According to Microsoft,5 96.88 percent of all ransomware infections take under four hours to successfully infiltrate their target. The fastest malicious software can take over a company’s system in under 45 minutes.

25. What Are the Real-World Consequences of Ransomware Attacks?

Ransomware attacks don’t just cause monetary damage. In the United States alone, 764 organizations in the healthcare sector temporarily stopped operations because of ransomware in 2019, as well as 113 government institutions and 1,233 universities and school districts.6 These attacks can have a huge impact on the lives of citizens who depend on those services and can potentially be fatal.

How to Protect Yourself From Ransomware Attacks

ransomware security
Make sure to protect your company backup and to use simple security measures, like two-factor authentication.

We cannot understate the importance of the security of your business’ data. Data breaches by ransomware are a threat that not only compromises the current functioning of an organization, but also threatens the privacy of workers’ personal information. That is why every company needs a solid cybersecurity defense strategy.

The cornerstone of all the best ransomware defense strategies is having a reliable online backup, as well as local backups on different devices. As long as your data is backed up to the cloud, you can simply restore your system to its previous state, before it was infected by the ransomware attack.

Unfortunately, having a backup can’t stop cybercriminals from holding your data hostage and threatening to sell it on the dark web. A zero-trust approach to cybersecurity is essential for keeping your data safe. This includes a multifactor authentication system for logins on company devices and keeping no more data than is necessary on those devices.

ransomware demands over the years
Ransomware demands over the years.

A proactive approach to your business’ security also includes segmenting servers so that a security breach in one segment won’t lead to a company-wide compromise. Another best-practice measure is making sure that only crucial staff members have administrative permissions, so a compromise at a lower administrative level will only affect one device.

We can’t fully cover all the different methods to protect your business from a ransomware attack in this article on ransomware statistics. Thankfully, you can read about our suggested security measures in our more detailed ransomware protection article.

Final Thoughts

Every 14 seconds, a new organization gets hit by ransomware. Schools, healthcare providers and even government institutions have all become victims of ransomware attacks by cybercriminals. With even crucial public services being shut down, ransomware is now a global threat to organizations and individuals alike.

While knowing these cybersecurity stats alone won’t save you from a ransomware attack, you’ll certainly be better equipped to protect yourself from ransomware.

We hope you’ve found these ransomware statistics helpful. Did you enjoy our ransomware stats rundown? Were you shocked by any of these statistics? Let us know in the comments section below, and check out our data privacy statistics and VPN statistics pieces, too. Thank you for reading.

Sources:

  1. Coveware
  2. Coveware
  3. Sophos
  4. Datto
  5. Microsoft
  6. Emsisoft
  7. Purplesec
  8. Cybersecurity Ventures
  9. Sophos
  10. Coveware
  11. Cybersecurity Ventures
  12. Blackfog