Ransomware Statistics, Trends and Facts for 2020 and Beyond - Pentestmag

Ransomware Statistics, Trends and Facts for 2020 and Beyond


Ransomware Statistics, Trends and Facts for 2020 and Beyond

by Aleksandar Kochovski

Ransomware attacks are growing in size and frequency, threatening businesses around the world. Read this article about ransomware statistics, trends and facts to stay informed about the threat.

Ransomware has taken quite a swing in 2020. It has grown at an alarming rate, becoming a threat affecting thousands of businesses and organizations worldwide. In this article, we will lay out some ransomware statistics so that you know exactly what you’re up against when making a ransomware protection plan for your business.

Ransomware statistics

Ransomware Facts

Ransomware attacks can be scary, especially for small businesses that can’t afford to pay a ransom for their data. That’s why it’s important to stay informed about what ransomware is, how it works and the types of ransomware there are.

What Is Ransomware?

Ransomware is a type of malware that can either encrypt all of your data or lock you out of your computer. Once the ransomware has infected your computer, it will ask you to pay a ransom — usually in cryptocurrency — in exchange for decrypting your data or unlocking your computer. You can find out more by reading our article on what ransomware is.

Types of Ransomware Attacks

There is more than one type of ransomware, and with new ransomware threats constantly appearing it can be hard to keep track of them all. According to recent ransomware statistics from cybersecurity firm Coveware [1], these are the most widely reported causes of data breaches in 2020.

  1. REvil (Sodinokibi) — Ransomware program that’s difficult to detect
  2. Maze — Data-stealing ransomware that threatens to sell your data
  3. Phobos — Ransomware that locks productivity documents
Common ransomware types

The year 2020 has seen a rise in the ransom demanded by hackers, which has increased by 60 percent since the start of the year to $178,000 on average[1]. Although this is concerning, even more shocking was 2019’s explosive growth in ransomware demand amounts. In 2019, the average ransom demand grew 14 times, up from $6,000 in 2018 to $84,000 by the end of the year[2].

Although 2019 saw a sharp increase in cyberattacks and ransomware incidents[2], the number of ransomware attacks has decreased in 2020[3]. This shows a shift from previous years to more sophisticated methods of attack. Recent cybersecurity attacks take a more targeted approach, rather than the spray-and-pray tactics of past years.

By the end of 2019, phishing emails were seeing a sharp decline, but in 2020 hackers have exploited the COVID-19 pandemic by sending COVID-related phishing emails. Server vulnerability exploits remain the most common ransomware attack vector and are on the rise, despite taking a dip in 2019[1].

The Projected Cost of Cybercrime in 2021

Malware attacks have caused quite a bit of damage, and not just in money paid to ransomware attacks. So, what will the projected cost of cybercrime be in 2021?

Judging by current reported cybersecurity statistics, the total damages caused by malware, including downtime costs, recovery time and lost revenue are expected to reach over $6 trillion by 2021 [8].

— Cybersecurity Ventures 2019 Official Annual Cybercrime Report

20 Ransomware Statistics

The following statistics on cybersecurity will provide you with better insight into the potential cybersecurity threats to your business. These 2020 ransomware statistics include the risk of a potential ransomware attack, the cost of ransomware incidents to businesses both large and small, and the consequences of attacks on healthcare organizations and the like.

1. How Many Businesses Are Affected by Ransomware?

According to a study by security firm Sophos[3], 51 percent of all surveyed businesses were hit by ransomware in 2020. This number varies with the size of the company, but it’s safe to say that any business that uses a computer system is at risk. Individuals should be less concerned with ransomware because it usually targets businesses, though attacks on individuals do happen.

2. How Much Did Ransomware Cost Businesses This Year?

Ransomware costs businesses billions of dollars each year. By the end of 2019, cybercriminals using ransomware had made off with a reported $11.5 billion in ransom payments. By the end of 2020, that number is projected to reach $20 billion[8].

How much ransomware cost businesses

3. What Is the Average Ransomware Payment Demand?

As we briefly mentioned, the average ransom demand has soared to over $178,000 in 2020[1]. This seemingly large number is mostly because of the huge ransoms that large organizations can afford to pay. Although extreme outliers usually don’t count toward averages, there are enough high-profile ransomware cases to make a big difference.

4. What Is the Average Ransomware Demand for Small Businesses?

If you own a small company, don’t worry. Those high ransom numbers are the average, but they’re far from what a smaller business normally pays. The average ransom for a small business is only $5,900[4].

5. What Was the Highest Ransomware Payment in 2020?

The highest reported payment was also the first ransomware attack of the year, targeting Travelex. The ransom settlement was rumored to be around $6 million, though the exact amount remains unknown. The largest 2020 ransomware demand so far involved the French construction firm Bouygues. The demanded sum was 10 million euros, or around $11.8 million.

Average ransom demands

6. What Is the Average Cost of Ransomware Downtime?

Costs due to downtime, including things like lost opportunities and reduced production or operating efficiency, can be as great as the ransom paid. In 2020, the average downtime cost totaled $283,000. That’s an almost 100-percent increase from 2019, which saw downtime costs of $141,000 on average[7].

7. How Much Does It Cost to Recover From a Ransomware Attack?

Although you might expect that paying the ransom will save ransomware victims money, one study[3] found that paying the ransom will double the cost to fix the issues caused by ransomware. The average cost to recover from a ransomware attack was $1,450,000 for companies that paid the ransom, while those that didn’t pay spent only $730,000 to recover from the attack.

8. What Percentage of Ransomware Victims Pay the Ransom?

If you think your business can’t afford to pay ransomware groups to decrypt its data, you’re not alone. The previous cybersecurity study[3] also found that only around a quarter of ransomware victims made payments to hackers. Luckily, there are other ways of recovering lost data, as you’ll see below.

Percentage of businesses that payed ransom demands

9. How Often Do Ransomware Victims Recover Their Data?

A reported 56 percent of businesses hit by ransomware recovered their data by using a backup. An additional 12 percent used other means to recover their data. Combined with the 26 percent that actually paid the ransom, this gives us a 94-percent data recovery rate[3] — an encouraging number, to be sure.

10. How Much Does a Ransomware Kit Cost?

Despite all the possible profit from extorting companies for ransom, some ransomware groups choose to simply create ransomware programs and sell them on the dark web. Some go for a pretty penny, but ransomware kits can be purchased for under $50. Some groups even take a percentage of their clients’ ransomware revenue.

11. Does Insurance Cover Ransomware?

Even if your business is hit by ransomware, you might not have to pay the full ransom out of pocket if your company is insured against cybercrime. However, you need to make sure that your cybercrime insurance covers ransomware attacks. For companies that are covered, 94 percent are reimbursed for the ransom by their insurance company[3]

12. Where Do Most Ransomware Attacks Come From?

Most ransomware isn’t spread by an individual; rather, certain malicious groups develop, refine and distribute the ransomware software. According to the Microsoft Digital Defense Report, a full half of these groups come from Russia. Iran, China and North Korea are other common hotbeds for ransomware groups, with the United States being the most common target.

13. How Does Ransomware Spread Most Commonly?

The three most common ways ransomware spreads are ransomware emails, software vulnerabilities and server weakness exploits[1]. Because smaller businesses rarely have adequate protection in place, server exploits are most commonly used to infect them. As businesses increase in size, phishing emails become the most effective method of attack.

14. What Are the Most Common Malicious File Types?

Ransomware phishing emails will often contain an infected file. Although most people should know not to run an unverified .EXE file, seemingly innocuous file types have become the most commonly used in phishing emails. According to Symantec, the company behind Norton Security, the most common ransomware file extension is .DOC and .DOT, the extensions for a Microsoft Word document.

15. What Are the Most Common Ransomware Attack Targets?

Although attacks on schools, healthcare organizations and government institutions get all the press when it comes to ransomware, the public sector is actually less affected by ransomware[3]. Ransomware statistics have shown that only 45 percent of public institutions were hit by ransomware, which is six percent lower than the overall average.

16. How Often Is a Company Hit by Ransomware?

Ransomware attacks have become so common that it’s no longer a matter of how many cyberattacks happen per day — that metric is now measured in seconds. A new company was affected by ransomware every 14 seconds in 2019. By 2021, a company will be hit by ransomware every 11 seconds [8].

17. How Often Are Small Businesses Hit by Ransomware?

Although the average mom-and-pop store doesn’t have to worry too much about ransomware attacks, small companies are frequent ransomware targets. Of all ransomware attacks on enterprises in 2020, 55 percent hit businesses with fewer than 100 employees, while an entire 75 percent of attacks were on companies making less than $50 million in revenue[1].

18. How Long Does a Ransomware Attack Take?

According to Microsoft[5], 96.88 percent of all ransomware infections take under four hours to successfully infiltrate their target. The fastest malicious software can take over a company’s system in under 45 minutes.

19. How Many Ransomware Attacks Are Successful?

In 2020, 73 percent of all ransomware attacks were successful[3]. However, 24 percent of attacks were intercepted before they could encrypt any data. This means that anti-ransomware software, like what Acronis True Image uses, is stopping a significant number of attacks.

Success of ransomware attacks

20.  What Are the Real-World Consequences of Ransomware Attacks?

Ransomware attacks don’t just cause monetary damage. In the United States alone, 764 healthcare providers temporarily stopped operations because of ransomware in 2019, as well as 113 government institutions and 1,233 universities and school districts[6]. These attacks can have a huge impact on the lives of citizens who depend on those services and can potentially be fatal.

How to Protect Yourself From Ransomware Attacks

We cannot understate the importance of the security of your business’ data. Data breaches by ransomware are a threat that can not only compromise the current functioning of an organization, but also threatens the privacy of workers’ personal information. That is why every company needs a solid cybersecurity defense strategy.

The cornerstone of all the best ransomware defense strategies is having a reliable online backup, as well as local backups on different devices. As long as your data is backed up to the cloud, you can simply restore your system to its previous state, before it was infected by the ransomware attack.

Unfortunately, having a backup can’t stop cybercriminals from holding your data hostage and threatening to sell it on the dark web. A zero-trust approach to cybersecurity is essential for keeping your data safe. This includes a multifactor authentication system for logins on company devices and keeping no more data than is necessary on those devices.

Ransomware demands over years

A proactive approach to your business’ security also includes segmenting servers so that a security breach in one segment won’t lead to a company-wide compromise. Another best-practice measure is making sure that only crucial staff has administrative permissions, so a compromise at a lower administrative level will only affect one device.

We can’t fully cover all of the different methods to protect your business from a ransomware attack in this article on ransomware statistics. Thankfully, you can read about our suggested security measures in our more detailed ransomware protection article.

Final Thoughts

Every 14 seconds, a new organization gets hit by ransomware. Schools, healthcare providers and even government institutions have all become victims of ransomware attacks by cybercriminals. With even crucial public services being shut down, ransomware is now a global threat to businesses and individuals alike.

While knowing these cybersecurity stats alone won’t save you from a ransomware attack, you’ll certainly be better equipped to protect yourself from ransomware.

We hope you’ve found these ransomware statistics helpful. Did you enjoy our ransomware statistics rundown? Were you shocked by any of these statistics? Let us know in the comments section below. Thank you for reading.


1. Coveware

2. Coveware

3. Sophos

4. Datto

5. Microsoft

6. Emsisoft

7. Purplesec

8. Cybersecurity Ventures

Originally published at: https://www.cloudwards.net/ransomware-statistics/ 

March 5, 2021
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023