*This article is regularly updated with the latest ransomware statistics for 2017 – 2019. We’ve compiled 40+ ransomware facts, figures and trends along with a round-up of predictions from industry experts at the bottom of the article.

Ransomware. At one point just a buzzword, ransomware is now an all-too-real threat to businesses, governments, and individuals worldwide. The problem with ransomware is twofold.

First, ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data. Second, an increasing number of cybercriminals are utilizing ransomware to extract money out of victims. Some surveys have shown that ransomware losses for businesses can average $2,500 for each incident, with businesses willing to shell out upwards of close to a million dollars to decrypt their data in some instances.

The threat is only growing, as some reports find. The Beazley Group, for example, found that small-to-midsized businesses were at the largest risk. The highest ransom the company paid out for its clients in 2018 was over $930,000.

ransomware STATS 2019
Source: Beazley Group

All of this is proof positive that ransomware continues to be an extremely lucrative venture for cybercriminals, with attackers against all sources (businesses, governments, and individuals) now demanding around $13,000 per attack.

To get a better idea of what the ransomware landscape looks like, we’ve gathered some of the most interesting facts and statistics from 2017 to present that highlight this ongoing security concern.

See also: Cybersecurity and cybercrime statistics

When data loss meets dollars

Given the whole purpose of ransomware is to extract money from victims, total loss values are often the numbers people care about the most. In 2017 and 2018, an increasingly large number of businesses, governments, and individuals faced huge losses thanks to ransomware. We’re already seeing huge losses to institutions in 2019 as well.

The biggest news-maker for 2019, in fact, is the Baltimore City government. The city’s computer system was hit with a ransomware infection in May 2019 that kept the city’s government crippled for over a month. Estimates put the cost to recover at over $18 million dollars, although the cybercriminal behind the ransomware only demanded $76,000 worth of Bitcoin. The attack reportedly impacted vaccine production, ATMs, airports, and hospitals.

Just about a year earlier, the Atlanta city government spent over $17 million to recover from a ransomware attack that demanded $52,000 in Bitcoin.

While many chose not to pay the cost for ransomware (and indeed, most security professionals say paying is typically a bad idea anyway), those that do pay up often find their files remain encrypted. After all, placing trust in the good graces of criminals is often leads to disappointment.

Even worse, most ransomware creators demand payment in expensive cryptocurrencies, chiefly Bitcoin.

ransomware facts 2019
Source: Symantec

With current trends, loss values for 2018 are likely to exceed what we’ve seen in the past few years. Nevertheless, cybercriminals not only walked off with more money from ransomware in recent years, but they also caused far more damage than ever before.

That said, Symantec found that the total number of ransomware incidents are on the decline. According to the cybersecurity company, recorded ransomware infections were down 20 percent in 2018 versus the previous year.

  • According to Cybersecurity Ventures, ransomware damages were predicted to exceed $8 billion in 2018. (Source: Cybersecurity Ventures)
  • The Baltimore City government was hit with a massive ransomware attack in 2019 that left it crippled for over a month, with a loss value of over $18 million. (Source: Baltimore Sun)
  • New York City’s capital was hit with a ransomware attack in 2019 that took several key services offline. (Source: CNET)
  • The Ryuk ransomware is responsible for the large rise in ransomware payment costs. Ryuk demands $288,000 per incident, on average, compared to around $10,000 demanded by other ransomware. (Source: Coveware)
  • The Ryuk ransomware is also primarily being used to target large companies and organizations with an average of 254 employees. (Source: Coveware)
  • The city of Riviera Beach in Florida paid a $600,000 ransom in June 2019 to recover files following a ransomware attack. (Source: CBS News)
  • Multiple healthcare providers were hit with ransomware in early 2019 and paid the ransom to retrieve files. One paid $75,000 to recover its encrypted files. (Source: Health IT Security)
  • Ransomware downtime costs organizations more than $64,000 on average. (Source: Coveware)
  • Ransomware is costing businesses more than $75 billion per year. (Source: Datto)
  • The FBI suggests ransomware payments are totaling around $1 billion. (Source: Datto)
  • Businesses lost around $8,500 per hour due to ransomware-induced downtime. (Source: Govtech)
  • Enterprise ransomware infections were up 12 percent in 2018. (Source: Symantec)
  • Symantec also found enterprises accounted for 81 percent of all ransomware attacks in 2018. (Source: Symantec)
  • A tenth of all businesses reporting stated their ransom demand was $5,000 or more. (Source: Datto)
  • Nearly 40 percent of ransomware victims paid the ransom. (Source: Malwarebytes)
  • Over half of all survey respondents (55 percent) said they’d be willing to pay the ransom to regain access to digital family photos. Thirty-nine percent of respondents without children said the same. (Source: IBM)
  • An IBM study noted that a quarter of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data. (Source: IBM)
  • FedEx attributed a $300 million loss in its Q1 2017 earnings report to the NotPetya ransomware attack. The company reportedly did not have cybersecurity insurance. (Source: Reuters)
  • NotPeyta’s losses could exceed $1 billion. (Source: eWeek)
  • After getting hit by the SamSam ransomware in March 2018, Atlanta, Georgia, has spent more than $5 million rebuilding its computer network, including spending nearly $3 million hiring emergency consultants and crisis managers. (Source: Statescoop)
  • A Massachusetts school district paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Source: Cyberscoop)
  • The average ransomware demand in 2017 was half of what it was in 2016, changing from over $1,000 on average to $522. This marks a potential new focus on more high-value targets by cybercriminals. (Source: Symantec)
  • 96 percent of organizations that paid the ransom received a decryption tool from the hackers. (Source: Coveware)
  • Decryption success depends on the type of ransomware, however. Dharma variants were often unreliable after paying the ransom, compared to GrandGrab TOR which almost always delivered a successful decryption tool after a ransom was paid. (Source: Coveware)
  • Bitcoin was the primary method of payment for ransomware. Around 98 percent of ransomware payments were made in Bitcoin. (Source: Coveware)
ransomware stats 2019
Source: Coveware

Ransomware continues to grow, hitting consumers and businesses hard

The hard truth about ransomware is that knowing more about the threat doesn’t easily translate to a decreased impact. FedEx is a good example of this. Despite knowledge of the threat for years now, the company saw a $300 million loss due to ransomware. The loss was not a result of paying the ransom but primarily for the cost of disaster recovery and system downtimes. The company’s lack of cyber insurance highlights the fact that many individuals and even large, multinational businesses have yet to fully grasp the threat.

As for readiness for ransomware and other cyber threats, a recent survey of IT professionals found that those working in the healthcare industry were most likely to report a lack of preparedness for an attack. Over 50 percent believed their industry simply isn’t ready to handle the threat.


Source: Kaspersky

Nevertheless, as more reports roll in, it’s clear that ransomware is now the preferred medium of choice for cybercriminals. As 2018 continues to progress, we’re likely to see reports from major players indicating that year-over-year growth in ransomware threats are increasing at an almost unheard-of pace.

That being said, here are some of the ways ransomware hit hard and fast in the past two years.

  • According to Cryptonite, healthcare organizations saw an 89 percent year-over-year increase in ransomware attacks in 2017. (Source: Cryptonite)
  • An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)
  • Over 70 percent of parents were most concerned about losing digital family photos or videos. (Source: IBM)
  • A Datto survey of 1,100 IT professionals revealed that over 90 percent had clients that suffered ransomware attacks in the past year. Forty percent had clients that were subject to at least six ransomware attacks. (Source: Datto)
  • 60 percent of malware payloads in Q1 2017 were ransomware. (Source: Malwarebytes)
  • A Cisco 2017 report states ransomware is growing 350 percent annually. (Source: Cisco)
  • Kaspersky notes that while ransomware is growing, creators may be getting less innovative. The security company stated that there were only 38 new ransomware families in 2017, compared to 61 in 2016. (Source: Kaspersky)
  • According to a Kaspersky Lab survey, 34 percent of businesses hit with malware took a week or more to recover full access to their data. (Source: Kaspersky)
  • Meanwhile, 36 percent paid the ransom, while 17 percent who paid never recovered their data even after paying. (Source: Kaspersky)
  • Nearly 1 in 5 healthcare domain emails were fraudulent in 2017. (Source: Proofpoint)
  • Cloud security company Carbon Black found that 90 percent of financial institutions reported being targeted by malware in 2017. (Source: BetaNews)
  • Proofpoint also detected 40 million ransomware attacks using malicious URLs or attachments against healthcare providers in Q3 2017. (Source: Proofpoint)
  • The number of new ransomware variants grew in 2017 from the previous year, with 350 new variants located. (Source: Symantec)

Ransomware predictions, 2018 and beyond

Unfortunately, ransomware isn’t going anywhere fast. Cybercriminals have learned just how lucrative encrypting data can be. Other forms of security threats still exist, data breaches in particular, but criminals who want to extract an easy buck are regularly turning to readily-available ransomware packages. According to McAfee, ransomware grew 56 percent in the past four quarters.


Source: McAfee

So what can we expect in 2019 and beyond? Here are a few predictions.

  • The Dharma and Ryku ransomware and their variants is now the most popular variant and will continue to be the most popular throughout 2019. (Source: Coveware)
  • Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021. (Source: Cybersecurity Ventures)
  • McAfee predicts some common ransomware targets will decrease. However, the company suggests cybercriminals will target less common and more vulnerable victims, such as individuals with high net values and connected devices (IoT). (Source: McAfee)
  • Palo Alto Networks predicts a noticeable increase in Mac ransomware this year. (Source: Palo Alto Networks)
  • MIT predicts cloud computing companies will see increased attacks against their systems. (Source: Computer Weekly)