*This article is regularly updated with the latest ransomware statistics for 2018 – 2021. We’ve compiled 35+ ransomware facts, figures, and trends along with a round-up of predictions from industry experts at the bottom of the article.

At one point just a buzzword, ransomware is now an all-too-real threat to businesses, governments, and individuals worldwide. The problem with ransomware is twofold:

First, ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data. Second, an increasing number of cybercriminals are utilizing ransomware to extract money out of victims. Some surveys have shown that losses for businesses can average $2,500 for each incident, with businesses willing to shell out millions of dollars to decrypt their data in some instances.

The threat is only growing, as some reports find. The Beazley Group, for example, found that this kind of attack increased by more than 130% in 2020. Further, while small-to-midsized businesses were at the largest risk, ransom demands regularly hit seven or even eight-figures. The highest ransom the company paid out for its clients in 2018 was over $930,000.

Ransomware statistics by market segment
Source: Beazley Group

All of this is proof positive that this type of threat continues to be an extremely lucrative venture for cybercriminals, with attackers against all sources (businesses, governments, and individuals) now collecting around $83,000 per attack.

To get a better idea of what the ransomware landscape looks like, we’ve gathered some of the most interesting facts and statistics from 2018 to 2021 that highlight this ongoing security concern.

See also: Best ransomware protection tools

When data loss meets dollars

Given the whole purpose of ransomware is to extract money from victims, total loss values are often the numbers people care about the most. Between 2018 and 2020, an increasingly large number of businesses, governments, and individuals faced huge losses thanks to these types of virus attacks.

Notably, CWT, a travel-management company shelled out $4.5 million to hackers holding its data for ransom. While this represents a particularly huge payout, it’s still less than half of the attacker’s initial demand of $10 million.

Further, 2020 saw a spate of attacks focused on hospitals. Given that these institutions are already spread very thin thanks to the pandemic, there’s a huge amount of pressure to pay, although the FBI strongly advises against doing so.

The biggest news-maker for 2019, was the ransomware attack on Baltimore City government. The city’s computer system was infected in May 2019 and kept the city’s government crippled for over a month. Estimates put the cost to recover at over $18 million dollars, although the cybercriminal behind the malware only demanded $76,000 worth of Bitcoin. The attack reportedly impacted vaccine production, ATMs, airports, and hospitals.

Just about a year earlier, the Atlanta city government spent over $17 million to recover from a virus attack that demanded $52,000 in Bitcoin.

While many chose not to pay the cost for ransomware (and indeed, most security professionals say paying is typically a bad idea anyway), those that do pay up often find their files remain encrypted. After all, placing trust in the good graces of criminals often leads to disappointment.

ransomware facts 2019
Source: Symantec

With current trends, loss values are likely to exceed $20 billion by 2021. Additionally, as well as walking off with more money from ransomware in recent years, cybercriminals also caused far more damage than ever before.

  • More than 10 universities across the UK and Canada were compromized after attackers successfully hacked Blackbaud, a cloud computing provider frequently used by educational institutions. Despite claiming it had succesfully repelled the attack, it was later revealed that Blackbaud simply paid the ransom.
  • Garmin, a major player in the tech space, suffered a severe breach that brought its GPS services offline for several days. In order to regain control, the company allegedly paid a $10 million ransom.
  • Cyber attacks marred the start of the 2019-2020 academic school year for two American colleges. Regis University in Denver, Colorado, had its entire phone and internet services shut down after a late August cyber attack. Meanwhile, Monroe College in New York City had files locked down due to ransomware. The school did not reveal whether or not it paid the ransom. (Source: Inside Higher Ed)
  • A ransomware attack against the New Orleans city government in early 2020 cost the city over $7 million dollars. Thankfully, the city carries cybersecurity insurance and received $3 million back—which may indicate the city was still underinsured. (Source: SC Magazine)
  • The Baltimore City government was hit with a massive ransomware attack in 2019 that left it crippled for over a month, with a loss value of over $18 million. (Source: Baltimore Sun)
  • New York City’s capital was hit with a ransomware attack in 2019 that took several key services offline. (Source: CNET)
  • The Ryuk ransomware is responsible for the large rise in ransomware payment costs. Ryuk demands $288,000 per incident, on average, compared to around $10,000 demanded by other ransomware. (Source: Coveware)
  • The Ryuk ransomware is also primarily being used to target large companies and organizations with an average of 254 employees. (Source: Coveware)
  • The city of Riviera Beach in Florida paid a $600,000 ransom in June 2019 to recover files following a ransomware attack. (Source: CBS News)
  • Multiple healthcare providers were hit with ransomware in early 2019 and paid the ransom to retrieve files. One paid $75,000 to recover its encrypted files. (Source: Health IT Security)
  • Ransomware downtime costs organizations more than $64,000 on average. (Source: Coveware)
  • Ransomware is costing businesses more than $75 billion per year. (Source: Datto)
  • The FBI suggests ransom payments are totaling around $1 billion. (Source: Datto)
  • In 2018, businesses lost around $8,500 per hour due to ransomware-induced downtime. (Source: Govtech)
  • Enterprise ransomware infections were up 12 percent in 2018. (Source: Symantec)
  • Symantec also found enterprises accounted for 81 percent of all ransomware attacks in 2018. (Source: Symantec)
  • MSP businesses reported an average payment of $5,600 in 2020. (Source: Datto)
  • Nearly 40 percent of victims paid the ransom. (Source: Malwarebytes)
  • Only 38% of state and local government employees are trained in ransomware prevention. (Source: IBM)
  • Albany County in New York was hit by three cyberattacks in the span of three weeks in late 2019, including a Christmas day attack on the Albany County Airport Authority (ACAA) that resulted in an undisclosed ransomware payment by the ACAA. (Source: Times Union)
  • After getting hit by the SamSam ransomware in March 2018, Atlanta, Georgia, has spent more than $5 million rebuilding its computer network, including spending nearly $3 million hiring emergency consultants and crisis managers. (Source: Statescoop)
  • A Massachusetts school district paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Source: Cyberscoop)
  • 96 percent of organizations that paid the ransom received a decryption tool from the hackers. (Source: Coveware)
  • Decryption success depends on the type of virus. Dharma variants were often unreliable after paying the ransom, compared to GrandGrab TOR which almost always delivered a successful decryption tool after a ransom was paid. (Source: Coveware)
  • Criminals take the money and disappear without decrypting your data just 1% of the time. (Source: Sophos)
  • Bitcoin was the primary method of payment for ransomware. Around 98 percent of payments were made in Bitcoin. (Source: Coveware)
  • Companies providing professional services are still the most likely to be targeted, although public sector organizations are becoming a more popular target. (Source: Coveware)

Ransomware continues to grow, hitting consumers and businesses hard

The hard truth about ransomware is that knowing more about the threat doesn’t easily translate to a decreased impact. FedEx is a good example of this. Despite knowledge of the threat for years now, the company saw a $300 million loss in 2017 due to these crippling virus attacks. The loss was not a result of paying the ransom but primarily for the cost of disaster recovery and system downtimes. The company’s lack of cyber insurance highlights the fact that many individuals and even large, multinational businesses have yet to fully grasp the threat.

As for readiness for ransomware and other cyber threats, a 2018 survey of IT professionals found that those working in the healthcare industry were most likely to report a lack of preparedness for an attack. Over 50 percent believed their industry simply isn’t ready to handle the threat.

Nevertheless, as more reports roll in, it’s clear that ransomware is now the preferred medium of choice for cybercriminals. As 2021 continues to progress, we’re likely to see reports from major players indicating that year-over-year growth in virus-related ransom threats is increasing at an incredible pace.

That being said, here are some of the ways ransomware hit hard and fast in the past two years.

  • A Q1 2020 report from Coveware found that ransomware payments doubled in part thanks to the increased targeting of major companies. (Source: Coveware)
  • Coveware also found that most companies that pay the ransom (99 percent) receive their decryption tool from the threat actor. A surprisingly high 96 percent of victims also report that the tool worked to decrypt and recover the files, adding some confidence for victims choosing to pay the ransom. (Source: Coveware)
  • Most users who recover their data do so in ways other than by paying the ransom. (Source: Datto)

    Source: Datto
  • According to a 2020 Ransomware Resiliency Report by NinjaRMM, managed service providers (MSPs) lose far more clients following a ransomware attack than they anticipate. In fact, 57% lost 11-20% of their client base after a ransomware attack; 13% of businesses lost over 50% of their clients. Conversely, around 35% of MSPs expected to lose no more than 10% of their clients after a ransomware attack. (Source: NinjaRMM)
  • Around 40% of MSPs and IT professionals believe their organization could not withstand $500,000 or more in damage related to a ransomware attack. Considering 52% of businesses that suffered from a ransomware attack reported suffering over $500,000 in damage, many businesses could experience irreparable damage should an attack occur. (Source: NinjaRMM)
  •  NinjaRMM reports that half of all MSPs believe they can sustain up to 2 days of downtime before losing clients, yet most affected clients actually experienced 3 to 14 days of downtime. This prolonged period of downtime could be a major factor in client church rate but does indicate that many MSPs overestimate how quickly they’ll lose clients when downtime occurs. (Source: NinjaRMM)

Ransomware predictions: 2021 and beyond

Unfortunately, ransomware isn’t going anywhere fast. Cybercriminals have learned just how lucrative encrypting data can be, especially thanks to the influx of Ransomware-as-a-Service programs that require no expertise to use. Other forms of security threats still exist, data breaches in particular, but criminals who want to extract an easy buck are regularly turning to readily-available ransomware packages.

So what can we expect in 2021 and beyond? Here are a few predictions.

  • Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021, and that an attack will take place every 11 seconds on average. (Source: Cybersecurity Ventures)
  • Security predicts that future attacks will target remote workers, since their personal devices are likely easier to compromise than office hardware. (Source: Security)
  • McAfee predicts that attackers will increasingly target home-workers in order to compromise their employer.  (Source: McAfee)
  • Booz Allen Hamilton predicts that criminals will continue to focus and refine their business strategies, effectively creating a streamlined ransomware-for-hire service. (Source: Booz Allen Hamilton)
  • Check Point predicts an increase in the number of two-step ransomware attacks. (Source: Check Point)
  • According to RSA Security, more organizations will switch to zero-trust security models as a result of the increased vulnerability from identity-based threats. (Source: RSA Security)

See also: Cybersecurity and cybercrime statistics