Payment Security 101
Learn about payment fraud and how to prevent it
- Why Eftsure?
-
-
Why Eftsure?
-
Why customers use Eftsure
-
-
- Platform
-
-
Accounts Payable
-
-
-
- Solutions
-
-
By role
-
-
- Resources
-
-
Learn
-
Company
-
-
37 Worrisome Ransomware Statistics
Niek Dekker
Published : 07 June 2022
Ransomware is a type of malicious software that infiltrates your device and renders the files unusable until a ransom is paid. By encrypting your data and preventing access to it, it is nearly impossible for organisations to decrypt and recover their files. Even when a ransom is paid, there is no guarantee that the encrypted files can be recovered in full. In fact, by paying the ransom, you’re more likely to be targeted for future attacks.
Aside from data loss and system damage, organisations attacked by ransomware are also at risk of reputational damage and a disruption to normal operations which can all contribute to a decrease in revenue.
Ransomware statistics show that attacks are on the rise worldwide and aren’t showing any signs of slowing down. Want to find out how critical ransomware is in 2022? Let the numbers speak for itself:
Author’s Top Picks
- 80% of organisations experienced a ransomware attack in 2021.
- A new world record was set in 2021 for the largest ransomware payout at a sum of $40 million.
- In 2020, around $18 billion was paid globally in ransoms.
- Two thirds of Australia organisations had experienced a ransomware attack in 2020.
- It’s estimated that ransomware will cost organisations over $265 billion annually by 2031.
Ransomware Statistics
1. The average ransom amount was $1.25 million in 2020.
Ransomware payments have grown year on year especially with the rise of attacks on businesses of all sizes. Attackers are constantly coming up with new ways that are more disruptive and damaging with debilitating impacts on business operations.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-1
2. Only 65% of data is recovered for organisations who pay the ransom.
Despite promises by ransomware attackers that data will be returned once payment has been made, this is often not the case. Attacker provided decrypters often fail and there’s no guarantee the stolen data hasn’t already been deleted or sold on the black market.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-2
3. The total number of ransomware attacks in 2020 increased by 62% compared to the previous year.
The shift to remote work in 2020 as exacerbated by the pandemic provided attackers the golden opportunity for more aggressive and powerful attacks. By exploiting the fear and uncertainty of organisations navigating the new norm, users are more likely to click on questionable links which can install ransomware on their devices.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-3
4. 80% of organisations experienced a ransomware attack in 2021.
The low risk and high gains model of ransomware means attackers can send out phishing emails to a large number of organisations without many consequences. As long as a number of organisations continue paying the ransoms, attackers will be continually fuelled to develop more sophisticated ransomware to extort even greater funds.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-4
5. The average downtime after a ransomware attack is 21 days.
A successful ransomware attack on a business costs the business both time, money, and energy to get back on their feet running. Lost productivity, missed revenue opportunities, and damaged data are just some of the short term ramifications of a ransomware attack.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-5
6. 80% of organisations that paid a ransom experienced an attack shortly after.
Government bodies and cybersecurity experts all advise against paying a ransom as this encourages this activity to continue and puts organisations at risk for future attacks. A prevention first strategy is the key to minimising a ransomware attack.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-6
7. Globally, a business will fall victim to ransomware every 11 seconds.
The huge volume of phishing emails that are sent out on a daily basis to target vulnerable businesses means successful attacks are growing in number.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-7
8. There were 304 million ransomware attacks in 2020.
The rise in remote work has prompted attackers to take advantage of the uncertainty across the cyber landscape and exploit the security vulnerabilities that pertain to the home office.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-8
9. Bitcoin accounts for 98% of ransomware payments.
Due to the anonymity of Bitcoin, cybercriminals can easily receive payment whilst keeping their identity hidden. Bitcoin’s accessibility and ease of use also increases the chance of victims paying the ransom.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-9
10. 29% of companies were forced to remove jobs after a ransomware attack.
Ransomware attacks often stop companies without security measures in place in their tracks. A halt in operations results in lost revenue and work which many organisations cannot afford. Employees are often laid off following a ransomware attack or in some extreme cases, the entire company shuts down.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-10
Major Ransomware Attacks on Businesses
11. A new world record was set in 2021 for the largest ransomware payout at a sum of $40 million.
One of the US’s biggest insurance companies – CNA Financial – experienced a ransomware attack that prevented it access to its core systems. The attackers asked for a $60 million ransom which was later negotiated to $40 million.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-11
12. In 2021, the Australian Tax Office suffered a ransomware attack that compromised more than 42,000 accounts’ sensitive information.
Data such as tax file numbers, bank account details, remuneration, and superannuation were all stolen with staff access to myGov being disabled.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-12
13. Toyota was hit with a ransomware attack in 2022 which caused it to suspend operations across all its plants in Japan.
One of its suppliers – Kojima Industries – was hit with a ransomware attack that disrupted its computer service system. The temporary halt across all of Toyota’s domestic productions lines impacted the production of approximately 13,000 vehicles.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-13
14. Acer offered to pay hackers a $10 million ransom in 2021, to which they declined.
Acer was hit by two ransomware attacks in 2021. The latter attack was claimed by the Russian REvil ransomware group which demanded a $50 million ransom. The stolen data was sent to reporters and posted on online forums.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-14
15. A specialist cardiology department in Victoria fell victim to a ransomware attack in 2019 which compromised 15,000 patient files.
Patient details such as medical data and personal information were all held hostage by the attackers with the department unable to access the data for approximately 3 weeks. A Bitcoin ransom was asked by the attackers to which the department reportedly paid.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-15
16. Dharma (RaaS) has extorted approximately $24 million from small to medium businesses since 2016.
Despite asking for much smaller ransoms ranging from $8000 to $10000, Dharma has made enormous volumes of attacks globally which has made it one of the most successful RaaS ever created.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-16
17. TeslaCrypt infected high profile game’s files such as Call of Duty, Minecraft and World of Warcraft with most ransoms ranging between $250 to $500.
However, in an odd twist of fate, TeslaCrypt released its master decryption key to its victims along with an apology note on May 2016.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-17
18. Swissport was hit with a ransomware attack in 2022 that grounded planes and delayed flights at Zurich international airport.
22 flights were delayed as a result of the attack with the cybercriminals stating that they were willing to sell all 1.6TB of stolen data to a potential buyer.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-18
Global Ransomware Statistics
19. The US was the number one country with the most ransomware attacks in 2021.
Ransomware attacks are more common in countries with higher internet connected populations. Tensions between the US and Russia are also thought to have influenced the boom with beliefs that Russia is the main mastermind behind the ransomware attacks.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-19
20. In 2020, around $18 billion was paid globally in ransoms.
With more than 50% of victims paying the ransom and an increase of 80% in ransom demands, it’s no surprise that both businesses and home users have contributed to the billion-dollar industry.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-20
21. The average ransomware breach cost $4.62 million worldwide in 2021.
As remote work was in full swing in 2021, the cost of a ransomware data breach reached an all time high. Remote workforces took longer to contain breaches with an average of 58 days to identify the attack.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-21
22. It’s estimated that globally there is a ransomware attack on businesses every 11 seconds.
Ransomware variants are on the rise making it the fastest growing form of cybercrime. There have been exponential increases in year on year ransomware attacks so it’s vital that organisations have countermeasures in place to prevent and limit the impact of them.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-22
23. Australia ranks number one within the Asia Pacific for the highest number of ransomware attacks.
Australia ranks 7th globally in terms of most ransomware attacks with the commercial and professional services sector receiving 37% of all attacks.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-23
24. Ransomware attacks increased by 35% in Australia from 2020 to 2021.
With RaaS on the rise, it’s become even easier for cybercriminals to deploy ransomware to vulnerable organisations. Australian businesses are advised to invest in both employee security training and defence mechanisms to minimise their chances of falling victim to ransomware.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-24
25. Two thirds of Australia organisations had experienced a ransomware attack in 2020.
Australian companies received 10% more ransomware attacks than the global average in 2020 with approximately a third of the victims paying the ransom. This has resulted in an average cost of $1.25 million for each data breach.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-25
26. According to research by NordLocker, the top 5 countries attacked by ransomware are US, UK, Canada, France and Germany.
Between 2020 and 2021, the United States received 732 ransomware attacks which accounted for 76% of the top 5 countries’ attacks.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-26
Ransomware Attacks by Industry Statistics
27. The manufacturing industry accounted for 30% of ransomware attacks.
Factories often use a variety of specialised equipment and software to get items manufactured which provides attackers with a wide surface area to target. Not all of the vast number of computer systems in place are well protected against the evolving tactics used by ransomware attackers.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-27
28. The average cost of a ransomware attack on higher education institutions in 2020 is $447,000.
The shift to remote learning as a result of Covid-19 has caused universities to embrace new technologies and teaching methods that they’re not traditionally accustomed to. The variety of apps, devices, and portals used has significantly increased universities’ vulnerability to a number of cybersecurity risks such as ransomware.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-28
29. 90% of financial institutions suffered a ransomware attack in 2021.
The sensitive information that financial institutions gather on their customers, partners, and the financial market make them the ideal target for ransomware attackers. Double extortion techniques such as threatening to release the data to the public can result in greater ransom payments as the subsequent negative consequences for the financial institution is enormous.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-29
30. Only 38% of government workers have had proper ransomware prevention training.
Emerging cyberattacks on government bodies means they must be better prepared for ransomware disasters by providing training to all staff members and allocating specific budgets for these situations. A stagnant growth in ransomware training can lead to increased attacks with more damaging effects.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-30
31. The local government and utilities sector are more likely to pay ransoms.
As these two industries provide valuable services to society, they also have higher propensity to pay the ransom to protect the encrypted data and restore essential services back to normal operations.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-31
32. Although all sectors are targeted by ransomware attacks, more than 50% of attacks are aimed at the banking, utilities and retail sector.
As the nature of these industries provide important services to people and society, when services cannot be accessed, they’re more likely to pay the ransom to attackers.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-32
33. There were 25 ransomware attacks globally on the healthcare industry in the first quarter of 2021.
Attacks on the healthcare industry can be quite detrimental as the system are inaccessible until the ransom is paid, which means many patients’ lives are often on the line as they cannot receive the help they need.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-33
34. In 2020, a woman died due to a ransomware attack on a hospital in Germany.
As the emergency department of the hospital was closed due to the ransomware incident, the woman was redirected to another hospital for treatment. However, as the hospital was a substantial distance away, she didn’t receive the right treatment until an hour later. Her death serves as the first ransomware related fatality.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-34
Ransomware Trends and Predictions
35. It’s estimated that ransomware will cost organisations over $265 billion annually by 2031.
The exponential growth and evolvement of ransomware in the past 5 years has led to a breed of new malware that is more challenging and damaging than its predecessors. Predictions for the future are that security awareness training is more important than ever as human generated risk is the main factor in infection mechanisms.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-35
36. There are predictions that a ransomware attack will take place every 2 seconds by 2031.
Cybersecurity Ventures predicts that attackers will refine ransomware to the point where a new attack will take place globally every couple of seconds. The year on year growth of ransomware attacks means organisations should be prepared for a large jump in the coming years.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-36
37. Gartner estimates that by 2025, 30% of national states will pass legislation to regulate ransomware payments, costs and negotiations.
The US has already declared the payment of ransomware to be illegal in 2021 as it creates additional motive for perpetrators to continue cyberattacks. Other countries are expected to also crackdown on ransomware payments in a bid to curb the exponential growth in attacks.
Copy link
https://eftsure.com/statistics/ransomware-statistics/#section-37
