*This article is regularly updated with the latest ransomware statistics for 2018 – 2020. We’ve compiled 40+ ransomware facts, figures, and trends along with a round-up of predictions from industry experts at the bottom of the article.
At one point just a buzzword, ransomware is now an all-too-real threat to businesses, governments, and individuals worldwide. The problem with ransomware is twofold.
First, ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data. Second, an increasing number of cybercriminals are utilizing ransomware to extract money out of victims. Some surveys have shown that losses for businesses can average $2,500 for each incident, with businesses willing to shell out upwards of close to a million dollars to decrypt their data in some instances.
The threat is only growing, as some reports find. The Beazley Group, for example, found that small-to-midsized businesses were at the largest risk. The highest ransom the company paid out for its clients in 2018 was over $930,000.
All of this is proof positive that this type of threat continues to be an extremely lucrative venture for cybercriminals, with attackers against all sources (businesses, governments, and individuals) now demanding around $13,000 per attack.
To get a better idea of what the ransomware landscape looks like, we’ve gathered some of the most interesting facts and statistics from 2018 to present that highlight this ongoing security concern.
See also: Cybersecurity and cybercrime statistics
When data loss meets dollars
Given the whole purpose of ransomware is to extract money from victims, total loss values are often the numbers people care about the most. Between 2018 and 2019, an increasingly large number of businesses, governments, and individuals faced huge losses thanks to these types of virus attacks. We’re already seeing huge losses to institutions in 2020 as well.
The biggest news-maker for 2019, in fact, is the Baltimore City government. The city’s computer system was hit with a ransomware infection in May 2019 that kept the city’s government crippled for over a month. Estimates put the cost to recover at over $18 million dollars, although the cybercriminal behind the malware only demanded $76,000 worth of Bitcoin. The attack reportedly impacted vaccine production, ATMs, airports, and hospitals.
Just about a year earlier, the Atlanta city government spent over $17 million to recover from a virus attack that demanded $52,000 in Bitcoin.
While many chose not to pay the cost for ransomware (and indeed, most security professionals say paying is typically a bad idea anyway), those that do pay up often find their files remain encrypted. After all, placing trust in the good graces of criminals is often leads to disappointment.
Even worse, most ransomware creators demand payment in expensive cryptocurrencies, chiefly Bitcoin.
With current trends, loss values for 2018 are likely to exceed what we’ve seen in the past few years. Nevertheless, cybercriminals not only walked off with more money from ransomware in recent years, but they also caused far more damage than ever before.
That said, Symantec found that the total number of ransomware incidents are on the decline. According to the cybersecurity company, recorded ransomware infections were down 20 percent in 2018 versus the previous year.
- Cyber attacks marred the start of the 2019-2020 academic school year for two American colleges. Regis University in Denver, Colorado, had its entire phone and internet services shut down after a late August cyber attack. Meanwhile, Monroe College in New York City had files locked down due to ransomware. The school did not reveal whether or not it paid the ransom. (Source: Inside Higher Ed)
- A ransomware attack against the New Orleans city government in early 2020 cost the city over $7 million dollars. Thankfully, the city carries cybersecurity insurance and received $3 million back—which may indicate the city was still underinsured. (Source: SC Magazine)
- The Baltimore City government was hit with a massive ransomware attack in 2019 that left it crippled for over a month, with a loss value of over $18 million. (Source: Baltimore Sun)
- New York City’s capital was hit with a ransomware attack in 2019 that took several key services offline. (Source: CNET)
- The Ryuk ransomware is responsible for the large rise in ransomware payment costs. Ryuk demands $288,000 per incident, on average, compared to around $10,000 demanded by other ransomware. (Source: Coveware)
- The Ryuk ransomware is also primarily being used to target large companies and organizations with an average of 254 employees. (Source: Coveware)
- The city of Riviera Beach in Florida paid a $600,000 ransom in June 2019 to recover files following a ransomware attack. (Source: CBS News)
- Multiple healthcare providers were hit with ransomware in early 2019 and paid the ransom to retrieve files. One paid $75,000 to recover its encrypted files. (Source: Health IT Security)
- Ransomware downtime costs organizations more than $64,000 on average. (Source: Coveware)
- Ransomware is costing businesses more than $75 billion per year. (Source: Datto)
- The FBI suggests ransom payments are totaling around $1 billion. (Source: Datto)
- Businesses lost around $8,500 per hour due to ransomware-induced downtime. (Source: Govtech)
- Enterprise ransomware infections were up 12 percent in 2018. (Source: Symantec)
- Symantec also found enterprises accounted for 81 percent of all ransomware attacks in 2018. (Source: Symantec)
- A tenth of all businesses reporting stated their ransom demand was $5,000 or more. (Source: Datto)
- Nearly 40 percent of victims paid the ransom. (Source: Malwarebytes)
- Over half of all survey respondents (55 percent) said they’d be willing to pay the ransom to regain access to digital family photos. Thirty-nine percent of respondents without children said the same. (Source: IBM)
- An IBM study noted that a quarter of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data. (Source: IBM)
- Albany County in New York was hit by three cyberattacks in the span of three weeks in late 2019, including a Christmas day attack on the Albany County Airport Authority (ACAA) that resulted in an undisclosed ransomware payment by the ACAA. (Source: Times Union)
- In what may be the biggest attack against a commercial business in history, Danish company Demant was forced to pay around $85 million following a ransomware attack. The company lost access to 22,000 computers in 40 countries, reducing its workforce to using pen and paper until the ransomware infection was resolved. (Source: BBC)
- After getting hit by the SamSam ransomware in March 2018, Atlanta, Georgia, has spent more than $5 million rebuilding its computer network, including spending nearly $3 million hiring emergency consultants and crisis managers. (Source: Statescoop)
- A Massachusetts school district paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Source: Cyberscoop)
- 96 percent of organizations that paid the ransom received a decryption tool from the hackers. (Source: Coveware)
- Decryption success depends on the type of virus. Dharma variants were often unreliable after paying the ransom, compared to GrandGrab TOR which almost always delivered a successful decryption tool after a ransom was paid. (Source: Coveware)
- Bitcoin was the primary method of payment for ransomware. Around 98 percent of payments were made in Bitcoin. (Source: Coveware)
Ransomware continues to grow, hitting consumers and businesses hard
The hard truth about ransomware is that knowing more about the threat doesn’t easily translate to a decreased impact. FedEx is a good example of this. Despite knowledge of the threat for years now, the company saw a $300 million loss due to these crippling virus attacks. The loss was not a result of paying the ransom but primarily for the cost of disaster recovery and system downtimes. The company’s lack of cyber insurance highlights the fact that many individuals and even large, multinational businesses have yet to fully grasp the threat.
As for readiness for ransomware and other cyber threats, a recent survey of IT professionals found that those working in the healthcare industry were most likely to report a lack of preparedness for an attack. Over 50 percent believed their industry simply isn’t ready to handle the threat.
Nevertheless, as more reports roll in, it’s clear that ransomware is now the preferred medium of choice for cybercriminals. As 2020 continues to progress, we’re likely to see reports from major players indicating that year-over-year growth in virus-related ransom threats is increasing at an incredible pace.
That being said, here are some of the ways ransomware hit hard and fast in the past two years.
- A Q4 2019 report from Coveware found that ransomware payments doubled thanks to the spread of the Ryuk and Sodinokibi strains. (Source: Coveware)
- Coveware also found that most companies that pay the ransom (98 percent) receive their decryption tool from the threat actor. A surprisingly high 97 percent of victims also report that the tool worked to decrypt and recover the files, adding some confidence for victims choosing to pay the ransom. (Source: Coveware)
- An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)
- Over 70 percent of parents were most concerned about losing digital family photos or videos. (Source: IBM)
- A Datto survey of 1,100 IT professionals revealed that over 90 percent had clients that suffered ransomware attacks in the past year. Forty percent had clients that were subject to at least six ransomware attacks. (Source: Datto)
- According to a Kaspersky Lab survey, 34 percent of businesses hit with malware took a week or more to recover full access to their data. (Source: Kaspersky)
- Meanwhile, 36 percent paid the ransom, while 17 percent who paid never recovered their data even after paying. (Source: Kaspersky)
- According to a 2020 Ransomware Resiliency Report by NinjaRMM, managed service providers (MSPs) lose far more clients following a ransomware attack than they anticipate. In fact, 57% lost 11-20% of their client base after a ransomware attack; 13% of businesses lost over 50% of their clients. Conversely, around 35% of MSPs expected to lose no more than 10% of their clients after a ransomware attack. (Source: NinjaRMM)
- Around 40% of MSPs and IT professionals believe their organization could not withstand $500,000 or more in damage related to a ransomware attack. Considering 52% of businesses that suffered from a ransomware attack reported suffering over $500,000 in damage, many businesses could experience irreparable damage should an attack occur. (Source: NinjaRMM)
- NinjaRMM reports that half of all MSPs believe they can sustain up to 2 days of downtime before losing clients. yet most affected clients actually experienced 3 to 14 days of downtime. This prolonged period of downtime could be a major factor in client church rate but does indicate that many MSPs overestimate how quickly they’ll lose clients when downtime occurs. (Source: NinjaRMM)
Ransomware predictions, 2020 and beyond
Unfortunately, ransomware isn’t going anywhere fast. Cybercriminals have learned just how lucrative encrypting data can be. Other forms of security threats still exist, data breaches in particular, but criminals who want to extract an easy buck are regularly turning to readily-available ransomware packages. According to McAfee, ransomware grew 56 percent in the past four quarters.
So what can we expect in 2020 and beyond? Here are a few predictions.
- Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021. (Source: Cybersecurity Ventures)
- McAfee predicts some common ransomware targets will decrease. However, the company suggests cybercriminals will target less common and more vulnerable victims, such as individuals with high net values and connected devices (IoT). (Source: McAfee)
- Palo Alto Networks predicts a noticeable increase in Mac ransomware. (Source: Palo Alto Networks)
- MIT predicts cloud computing companies will see increased attacks against their systems. (Source: Computer Weekly)
- According to RSA Security, the future of this growing threat will include not just a lockdown on integral files and folders, but access to networks and accounts. (Source: RSA Security)