September 1, 2021
By Rob Sobers from afcea.org
Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid.
Ransomware attacks are on the rise and continue to be a disruptive force in the cybersecurity industry, affecting everything from financial institutions to higher education. Due to the rise in remote work prompted by the pandemic, attacks are up 148%.
Read these top ransomware statistics to know in 2021, plus tips on how to avoid becoming a victim and keeping your organization protected.
2021 has seen a steady rise in the number of cyberattacks and ransoms demanded by hackers. Below are some of the most visible trends in ransomware that have affected the cyber landscape most recently.
Exploitation of IT Outsourcing Services
Ransomware gangs have been shifting their focus to managed service providers (MSPs), a platform that serves many clients at once. This means that if a hacker gains access to one MSP, it could also reach the clients it’s serving as well. Most of the time, MSPs are hacked due to remote access tools that are poorly secured.
Attention Shifting to Vulnerable Industries
Due to the pandemic, cyberattackers have been taking advantage of industries that have been hit the hardest, such as healthcare industries, municipalities, and educational facilities. These hackers also see the pandemic as an opportunity to take advantage of employees that are now working remotely on their personal devices.
Ransomware Is Evolving (and so Are Defenses)
In 2021, ransomware and the tactics that hackers use to carry out attacks is evolving — but luckily, so are the defenses. In recent years, new ransomware have been discovered, including:
- Netwalker: Created by the cybercrime group known as Circus Spider in 2019, this ransomware allows hackers to rent access to the malware code in exchange for a percentage of the funds that are received.
- DarkSide: DarkSide is a recent group that ultimately targets theft and encryption of sensitive data, including backups through RaaS.
- Conti: Conti ransomware uses a double-extortion technique to encrypt data on an infected machine. Attackers from this group usually send a phishing email originating from an address that the victim trusts.
- REvil: Also known as Sodin and Sodinokibi, REvil is a ransomware group that has gained a reputation for extorting larger ransom payments than their competitors, as well as promoting underground cybercrime forums.
- Since these newer strains of ransomware behave differently today, there is now a need for alternate methods of detection. Recently defenses have begun to harden, including improved heuristics or behavioral analysis, and the use of canary or bait files for earlier detection.
- Additionally, increased effort needs to be put into predicting and anticipating risks rather than the old “detect and respond” approach.
The Spread to Mobile Devices
Hackers have been taking advantage of mobile device features such as emergency alerts and relaxed permissions to spread malware. The majority of mobile ransomware variants have the ability to cover every browser window or app with a ransom note, rendering the mobile device unusable.
Ransomware-as-a-Service Is Increasing
Ransomware-as-a-service, or RaaS, is a subscription that allows affiliates to use ransomware tools that are already developed to carry out ransomware attacks. It also allows them to extend their reach and the decentralized nature of the attacks makes it difficult for the authorities to shut down the attack.
Additionally, the creators of these tools take a percentage of each successful ransom payment. As the average ransom demanded by hackers has increased by 33% since Q3 2019 ($11,605), affiliates are making up to 80% from each payment.
Top Ransomware Statistics
Ransomware is an ever-growing threat to thousands of organizations and businesses worldwide. Since 2016, over 4,000 ransomware attacks have happened daily in the U.S. Here are the top ransomware statistics you need to be aware of today:
- Ransomware remains the most prominent malware threat. (Datto, 2019)
- Malicious emails are up 600% due to COVID-19. (ABC News, 2021)
- 37% of respondents’ organizations were affected by ransomware attacks in the last year. (Sophos, 2021)
- In 2021, the largest ransomware payout was made by an insurance company at $40 million, setting a world record. (Business Insider, 2021)
- The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021)
- Experts estimate that a ransomware attack will occur every 11 seconds in 2021. (Cybercrime Magazine, 2019)
- Out of 1,086 organizations whose data had been encrypted, 96% got their data back. (Sophos, 2021)
- About 1 in 6,000 emails contain suspicious URLs, including ransomware. (Fortinet, 2020)
- The average downtime a company experiences after a ransomware attack is 21 days. (Coveware, 2021)
- 71% of those who are affected by ransomware have been infected. Half of the ransomware attacks that are successful infect at least 20 computers in the organization. (Acronis, 2020)
- The most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. (Cybersecurity & Infrastructure Security Agency, 2021)
- 65% of employers allow their employees to access company applications from unmanaged, personal devices. (Bitglass, 2020)
- From a survey conducted with 1,263 companies, 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% got access to their data but most of it was corrupted. (Cybereason, 2021)
- Additionally, 60% of survey respondents experienced revenue loss and 53% stated their brands were damaged as a result. (Cybereason, 2021)
- 29% of respondents stated their companies were forced to remove jobs following a ransomware attack. (Cybereason, 2021)
- 42% of companies with cyber insurance policies in place indicated that insurance only covered a small part of damages resulting from a ransomware attack. (Cybereason, 2021)
Industry-Specific Ransomware Stats
Ransomware attacks impact almost all businesses of all sectors and sizes. In 2019, nearly 56% of organizations across multiple industries reported a ransomware attack. Check out more shocking statistics by industry below.
- Over 2,100 data breaches in the healthcare industry have been reported since 2009. (Tech Jury, 2021)
- Healthcare organizations dedicate only around 6% of their budget to cybersecurity measures. (Fierce Healthcare, 2020)
- Ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. (Health and Human Services, 2021)
- Attacks on healthcare cost more than any other industry at $408 per record. (HIPAA Journal, 2020)
- Ransomware attacks against U.S. healthcare providers have caused over $157 million in losses since 2016. (HIPAA Journal, 2020)
- In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents. (Emsisoft, 2021)
- Nearly 80 million people were affected by the Anthem Breach in 2015, the largest healthcare data breach in history. (Wall Street Journal, 2015)
- Healthcare received 88%t of all ransomware attacks in the United States in 2016. (Becker’s, 2016)
- In September 2020 alone, cybercriminals infiltrated and stole 9.7 million medical records. (HIPAA Journal, 2020)
- Ransomware attacks against universities increased by 100% between 2019 and 2020. (BlueVoyant, 2021)
- The average cost of a ransomware attack in the higher education industry is $447,000. (BlueVoyant, 2021)
- Since 2020, 1,681 higher education facilities have been affected by 84 ransomware attacks. (Emsisoft, 2021)
- 66% of universities lack basic email security configurations. (BlueVoyant, 2021)
- 38% of analyzed universities in the Cybersecurity in Higher Education Report had unsecured or open database ports. (BlueVoyant, 2021)
- Cyberattacks against K-12 schools rose 18% in 2020. (K-12 Cybersecurity, 2020)
- A school district in Massachusetts paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Cyberscoop, 2018)
Finance & Insurance
- 62% of all records leaked in 2019 were from financial institutions. (Bitglass, 2019)
- Over 204,000 people experienced a login attempt to access their banking information. (Hub Security, 2021)
- 90% of financial institutions have been targeted by ransomware attacks. (PR Distribution, 2018)
- There’s a rising threat to small financial institutions with less than $35 million in revenue. (National Credit Union Administration, 2019)
- In 2020, 70% of the 52% of attacks that went after financial institutions came from the Kryptik Trojan malware. (Hub Security, 2021)
- LokiBot has targeted over 100 financial institutions, getting away with more than $2 million in revenue. (Hub Security, 2021)
- Banks experienced a 520% increase in phishing and ransomware attempts between March and June in 2020. (American Banker, 2020)
- In 2020, 33% of attacks on governmental bodies were ransomware (Security Intelligence, 2020)
- In June 2019, a city in Florida paid a $600,000 ransom to recover hacked files. (CBS News, 2019)
- Only around 38% of local and state government employees are trained in ransomware attack prevention. (IBM, 2020)
- A ransomware attack against a Southern city in 2020 cost over $7 million. (SC Magazine, 2020)
- A ransomware attack struck an East coast city in 2019 and caused a loss of over $18 million. (Baltimore Sun, 2019)
- In 2019, 226 U.S. city mayors in 40 states agreed to a pact that denies ransom payments to cybercriminals. (Hashed Out, 2020)
- In 2019, attacks against municipalities increased 60% from the year before. (Kaspersky Labs, 2019)
- The top cybersecurity story in 2019 was ransomware attacks against state and local governments. (Government Technology, 2019)
- 48 of the 50 U.S. states were affected by at least one ransomware attack from 2013 to 2018. (Bank Info Security, 2019)
Mobile Ransomware Statistics
With the increase of dependence on mobile phones, especially with the use of personal mobile devices in the workplace, comes a higher risk of ransomware attacks. Within the workplace, employees are likely to access sensitive information from their mobile devices via corporate Wi-Fi and oftentimes unsecured networks.
This leaves the user and their organization with huge vulnerabilities to be exploited. Take a look at some Wi-Fi security tips to prevent falling victim to a hacker.
- More than 68,000 new ransomware Trojans for mobile were found in 2019. (Hashed Out, 2020)
- In 2017, mobile malware variants increased by 54%. (Symantec, 2018)
- Over 4.2 million American mobile users have suffered ransomware attacks on their phones. (Kaspersky, 2020)
- In 2018, Symantec detected over 18 million mobile malware instances. (Symantec, 2018)
- Fewer than 20% of mobile malware is delivered via browser. (RSA Current State of Cybercrime, 2019)
- 60,176 mobile ransomware Trojans were detected in 80,638 users in 150 different countries in 2018. (Kaspersky, 2018)
- There are over 4,000 mobile threat variants and families within the McAfee sample database. (McAfee, 2021)
- Over 8,000 mobile banking ransomware Trojan installations were detected in 2018. (Kaspersky, 2018)
- 900,000 Android phones were hit by ScarePackage ransomware in just 30 days. (KnowBe4, 2020)
Ransomware Cryptocurrency Stats
Since the start of Bitcoin, the world’s first cryptocurrency, transferring money and data has become increasingly efficient. As of 2021, there are over 4,000 different types of cryptocurrency. With this advancement in digital and financial technology, new threats in cybersecurity have come to the surface.
- In June 2020, a West Coast university paid cybercriminals $1.14 million in Bitcoin after a ransomware attack. (BBC News, 2020)
- In 2017, 95% of all ransom payments were cashed out via BTC-e, a Bitcoin platform. (Bleeping Computer, 2017)
- In 2020, ransomware payments were 7% of all funds received by cryptocurrency addresses. (Chainalysis, 2020)
- Hackers who attacked an oil company earned over $90 million in Bitcoin. (Business Insider, 2021)
- Cryptocurrency transactions can be traced back to the individual 60% of the time. (MIT Tech Review, 2017)
- Illegal activity represented 2.1% of all cryptocurrency transaction volume or about $21.4 billion worth of transfers in 2019. (Chainalysis, 2021)
The Cost of Ransomware Attacks
Ransomware attacks can be costly (fiscally and to your reputation) — businesses around the globe that have been victims of ransomware attacks have spent around $144.2 million in resolving the effects of the attacks. Here are some statistics covering the costs that are caused by ransomware attacks.
- The value of ransom demands has gone up, with some demands exceeding over $1 million. (Cybersecurity & Infrastructure Security Agency, 2021)
- The cost of ransomware attacks surpassed $7.5 billion in 2019. (Emsisoft, 2019)
- In 2021, the average payout by a mid-sized organization was $170,404. (Sophos, 2021)
- In May 2021, Chief Executive paid hackers $4.4 million in bitcoin after receiving a ransom note. (The Wall Street Journal, 2021)
- In Q1 2017, FedEx lost an estimated $300 million from the NotPetya ransomware attack. (Cyberscoop, 2021)
- The average cost to recover from a ransomware attack is $1.85 million. (Sophos, 2021)
- Damage as a result of ransomware attacks was over $5 billion in 2017 — 15 times the cost in 2015. (Cyber Security Ventures, 2017)
- Downtime costs are up 200% year-over-year (2019 vs. 2018). (Datto, 2019)
- On average, ransomware attacks cause 15 business days of downtime. Due to this inactivity, businesses lost around $8,500 an hour. (Health IT Security, 2020)
- Ransomware that attacked an unnamed oil and gas company cost $30 million. (Datto, 2017)
- The hacker group behind an oil company attack allegedly acquired $90 million in ransom payments in only nine months from around 47 victims. (Fox Business, 2021)
- Four times as many businesses affected by ransomware attacks with over 100 employees reported paying ransoms. (Dark Reading survey, 2020)
Ransomware Projections & Future Trends
Ransomware is an ever-growing issue in the cybersecurity space and continues to shape the world today. Looking ahead, here are some statistics that cover the projections and future trends of ransomware.
- The total ransomware costs are projected to exceed $20 billion in 2021. (Cybercrime Magazine, 2019)
- Cybersecurity Ventures predicts that ransomware will cost $6 trillion annually. (Cybersecurity Ventures, 2020)
- In the future, there will be an increase in organizations that will switch to zero-trust security models due to the vulnerability of identity-based threats. (RSA Security, 2020)
- Remote workers will be the main target of cybercriminals throughout 2021. (Security Magazine, 2020)
- 84% of organizations will keep remote work as the norm even after COVID-19 restrictions are lifted, resulting in an increase of internet users and a greater risk of data exposure. (Bitglass, 2020)
- Future hackers will target stay-at-home workers since personal devices are easier to hack than office hardware. (Security Magazine, 2020)
How To Prevent a Ransomware Attack
Ensure you take the steps to prevent an attack and data loss within your organization. Here are a few effective ways to prevent ransomware from affecting your company.
Educate Your Employees
Utilize security training within your company to help your employees gain a better understanding of cybersecurity and its importance. Implementing these trainings will help ensure a working culture that is even more cyber-resilient.
Avoid Clicking on Suspicious Links
Be wary of opening or clicking on attachments or links that come from spam or unsolicited emails. According to Verizon’s 2018 Data Breach Investigations Report, phishing is involved in 70% of data breaches. To avoid this, it’s beneficial to know how to spot a phishing scam.
Use Email and Endpoint Protections
Be sure to scan all emails and filter malicious attachments and links, and keep firewalls and endpoint detection software up-to-date with the latest malware signatures. You should also notify users of out-of-network emails and provide VPNs for users to use outside of the network.
Use a Stronger Password System
Password security is crucial when protecting the assets of a company. Utilize two-factor authentication within your organization to prevent password sharing and the overuse of the same password. It may also be beneficial to use an SSO system for additional security.
Keep Immutable, Offsite Backups
Make sure you have backups of any important or sensitive data and systems. Practice your restore motion in the event of a ransomware strike. Limit access to backups as ransomware gangs often target backup files to cripple your ability to restore.
However, keep in mind that backups cannot help in cases where the ransomware actor has also exfiltrated the data to their own servers and threatens to release that data publicly unless the ransom is paid. To combat exfiltration, consider data loss prevention software.
How to Mitigate the Impact of Ransomware
Reduce Your Blast Radius
Your blast radius is the amount of damage that can be caused by compromising a single random user or device. Reduce your blast radius by limiting access to critical data so that only those that require access have it.
Implement a Zero Trust Security Model
Assume your perimeter defenses will fail and make sure everything within your perimeter is safe and secure. The Zero Trust security model requires you to authenticate all users and devices that connect to your network, every time they connect, not just once. You must also monitor activity in your environment and ensure users only have access to what they need, and nothing else.
Utilize UEBA for Threat Detection & Response
You should always monitor for and alert on telltale signs of ransomware activity on your data. Utilize user and entity behavior analysis tools to detect and alert when users or devices behave abnormally and implement automatic responses to stop threats in their tracks.
Ransomware Statistics FAQ
Below are a few of the most frequently asked ransomware questions, with answers supported by additional ransomware statistics and facts.
Q: How long does a ransomware attack take?
A: The average time it takes for ransomware to start encrypting files in your computer is three seconds. (Commodo, 2020)
Q: What percentage of cyberattacks are ransomware?
A: Ransomware accounted for 15% of cyberattack incidents in the U.S. in 2018. (Statista, 2021)
Q: What is the average payout for ransomware?
Q: What is the average payout for small businesses?
A: Smaller businesses are impacted less than bigger companies. However, the average payout for a small business is around $5,900. (Datto)
Q: Do I have to pay for a ransomware attack?
The FBI does not support paying a ransom since it does not guarantee that you or your company will have the data returned to you (Federal Bureau of Investigation). Paying ransoms can also encourage the attacker to go after additional victims.
Ransomware is not going away any time soon — as an organization, it’s important to stay ahead of cybercriminals and take the steps to become more cyber aware. Learn how to protect your business and gauge your readiness for a potential ransomware attack with a free ransomware preparedness assessment.
For more, go to the Varonis blog.
Rob Sobers is a software engineer specializing in web security and is the co-author of the book Learn Ruby the Hard Way.