25+ Ransomware Statistics & Trends You Need to Know

Ransomware has been a threat since even before the Internet became widely available to the public. It not only endangers individuals and companies but also negatively impacts global economies. 

Staying updated can help everyone recognize emerging threats and leverage new technology more effectively. That’s why we’ve compiled this list of the top 29 ransomware statistics and trends for 2024.

Top Ransomware Stats

Before we take a closer look at ransomware statistics, here are the most compelling facts and trends from our report.

  • Ransomware attackers claimed over $1.1 billion in 2023.
  • Two-thirds of businesses have experienced a ransomware attack.
  • The U.S. has the most ransomware attacks per year.
  • Most victims opt to pay the ransom.
  • AI cybersecurity can help businesses eliminate threats within 60 seconds.

The state of Ransomware

The Covid-19 pandemic led to a significant rise in ransomware attacks. As experts develop new technology to ward off attacks, a game of cat and mouse has developed between criminals and companies. 

Although there was a drop in attacks in 2022, it appears that they are once again on the rise.

The following statistics reveal the most about the state of ransomware in 2024.

59% of organizations were hit by ransomware in 2023. (Sophos)

percentage of organizations hit by ransomware

Cybercriminals cast a wide net, often using a range of phishing and automation tools to target numerous companies.

The success of the attacks primarily depends on the measures the victims have in place to protect themselves.

Ransomware payments came to a record-breaking $1.1 billion in 2024. (Chain Analysis)

ransomware payments
Image source

After a decline in 2022, ransomware payments have almost doubled in 2023. Cybercriminal groups seem to have adapted and found ways around the security measures implemented following the previous record in 2021.

The mean ransomware payout is $1,542,333.

Payments vary across companies of different sizes and locations. The amounts can range from as little as $1000 to over $5 million.

ransomware recovery cost by revenue
Research by Sophos shows that ransomware recovery costs can vary drastically.

It costs around $1.82 million for the average company to recover from a ransomware attack.

While the mean costs are decreasing, expenses can still reach into the millions of dollars. This figure includes a variety of expenses such as data recovery, disruption to operations, and legal fees.

66% of decision-makers believe there is a likelihood of an attack on their company.

probability of a ransomware attack
Image source

Interestingly, those with more knowledge of ransomware were more likely to anticipate an attack. This suggests that many businesses may not be fully aware of the extent of the threat.

Ransomware accounts for 19% of all cyber insurance claims. (Coalition)

Both the size and frequency of claims have increased year on year. Given the potentially high costs of ransomware, obtaining insurance could spare businesses from financial difficulties.

Types of Ransomware Attacks

Ransomware attacks always involve unauthorized access to a system and extortion. However, criminals might use a variety of tactics to get what they want.

Here’s a look at statistics related to different types of attacks:

The majority of attacks come from exploited vulnerabilities.

Hackers can gain entry to a system through unpatched areas from software awaiting updates or weaknesses in the system.

In these cases, victims are far more likely to lose all their data and end up paying the ransom.

Around a third of ransomware attacks start with a phishing email.

rate of data encryption
Longitudinal studies reveal that data consistently gets encrypted in the majority of ransomware attacks.

That’s when criminals send individuals messages that enable them to access a secure system.

It’s crucial for companies to educate employees on how to recognize such emails, especially when not to share details or open attachments.

70% of attacks lead to data encryption.

In the majority of cases, a successful ransomware attack leads to all the target’s files getting encrypted. The hackers responsible for releasing the software onto the system then demand a large sum of money to decrypt this data.

A growing number of criminals resort to harassment. (Palo Alto Networks)

Around a fifth of groups blackmail or threaten members of the company. They might threaten to send the stolen data to customers, shareholders, or the media.

This tactic is becoming more prevalent, having grown from just 1% in 2021.

Ransomware Statistics About Victims

Attacks can devastate individuals and businesses, often forcing them to make tough decisions.

This section explores the impact of ransomware and how victims usually respond:

Only 42% of companies say they would report ransomware attacks to law enforcement or cybersecurity services. (Kaspersky)

Businesses are hesitant to make these incidents public due to the potential impact on their reputation. For example, customers may lose trust in their ability to keep data confidential.

This reluctance gives criminals a significant advantage as they can operate under the radar of local authorities.

If undetected, total losses can increase by up to 1000 times. (Allianz)

Experts say that early detection is key. Proactive monitoring allows businesses to spot unauthorized access as it happens so they can take immediate steps to protect their data.

56% of organizations choose to pay the ransom.

data recovery for companies
Image source

Experts don’t recommend paying as there’s no guarantee businesses will fully recover the data. There’s also a risk of encouraging further attacks.

Despite these concerns, over half of businesses pay up so they can quickly resume normal operations.

59% of companies don’t recover data after paying the first ransom.

Problems may persist even if businesses cooperate. In many cases, cybercriminals use the data to extort a second payout from their victims.

what happens after ransom payments
Image source

Many never ensure their decryption keys are fully effective meaning organizations have no chance of recovering their lost assets.

The average downtime after a ransomware attack is over 20 days.

Statistic: Average duration of downtime after a ransomware attack at organizations in the United States from 1st quarter 2020 to 2nd quarter 2022 | Statista
Find more statistics at Statista

Attacks are so effective because they can effectively shut down entire businesses for extended periods. As businesses face growing financial losses, the pressure from shareholders and the incentive to pay the ransom increase.

Payment might seem like the only viable option when the mounting costs reach a critical point.

Victims can save an average of $1 million by reporting attacks. (IBM)

What’s more, involving law enforcement shortens the amount of time it takes to identify and resolve issues.

Ransomware Statistics by Industry

Many sectors are more vulnerable to ransomware attacks than others, often due to the sensitive nature of their data.

Here, we look at how statistics and trends vary between industries:

80% of education providers get hit by ransomware attacks.

percentage of education providers getting hit by ransomware attacks
Image source

Educational institutions are attractive prospects for cybercriminals because of the vast amount of personal data they store.

Schools and universities often tend to rely on outdated systems, which hackers can easily exploit.

Attacks on healthcare providers have doubled since 2021.

Healthcare organizations are prime targets for ransomware due to their vulnerability. Attacks can have a severe impact as they may jeopardize the well-being of patients.

Under this intense pressure, victims are more likely to pay the demand.

Thomas Terronez

“As a consultant in the dental industry, I’ve had a front-row seat to the kinds of cybersecurity threats that practices face. The past few years have seen a troubling uptick in ransomware attacks targeting our sector, and the methods employed by bad actors are becoming increasingly sophisticated.

The most alarming thing is the rapid evolution of AI-powered ransomware attempts. Gone are the days of easily spotted Nigerian prince scams. Today’s phishing attacks are precisely crafted and often indistinguishable from legitimate communications.

We strongly advocate the use of email scanning services to catch ransomware attempts. However, getting practices to adopt these measures can be like pulling teeth. There’s often resistance due to cost concerns or a misplaced belief that “it won’t happen to us.”

Thomas Terronez, CEO at Medix Dental IT

The entertainment industry is the most likely to pay the ransom.

This is likely due to the sector’s heavy reliance on intellectual property such as scripts and scores.

Companies don’t want to leak content ahead of schedule as it can undermine their marketing strategies and spoil upcoming releases.

Ransomware Statistics by Location

Location can play a significant role in attacks as certain countries are more frequently targeted or have weaker defenses.

Here’s a look at how ransomware attacks differ across places:

50 jurisdictions have formed an alliance against ransomware attacks. (The White House)

The International Counter Ransomware Initiative (ICRI) includes the US, EU, and Interpol among others.

This US-led initiative enables countries to share information about ransomware attacks and agree on measures to prevent them.

Half of the total global attacks target US individuals and companies. (ZScaler)

Experts say the country has the highest rate of ransomware in the world. The US is a natural target as it’s home to many large organizations willing to pay large sums to avoid disruption or complications.

40 countries have pledged not to pay criminals the ransom. (Reuters)

Many places don’t have laws against paying ransoms. However, governments want to encourage companies to refuse the demands, report these crimes, and cooperate with local law enforcers.

For as long as victims keep making the payments, the attackers have an incentive.

Eddy Abou-Nehme

“The approach to ransomware in Canada is evolving but still faces challenges. While there’s been some success in tracking and dismantling networks, the global nature of these crimes makes enforcement difficult.

Coordination between international agencies has improved, but the pace at which cybercriminals operate often outstrips local capabilities.”

Eddy Abou-Nehme, Owner and Director of Operations at RevNet Ottawa

How the Media Are Reporting on Ransomware

The media plays a major role in shaping public perceptions of ransomware attacks. They can also raise awareness of the risks and alert everyone to new threats.

That’s why this section covers some of the biggest breaking stories of 2024:

2024 saw the highest-ever ransom payment of $75 million. (Zscaler)

A gang calling themselves the ‘Dark Angels’ took this sum from an undisclosed victim. This record is nearly twice as much as the previous one of $40 million.

15,000 car dealers were affected by a recent attack on CDK Global. (CNN)

The attack lasted for almost three full weeks, during which time the business relied on pen and paper. Many businesses had to stall operations while they waited for the system to come back online.

The UK’s National Health Service (NHS) came under attack in June. (BBC)

Criminals allegedly hacked a partner service with patients’ lab results and published 400GB of data on the dark web. The incident disrupted over 3000 appointments.

Ransomware Recent Trends

As cyber threats continue to evolve, it’s best to stay updated and keep looking ahead. This section covers all the ransomware trends to watch out for in 2024:

Data theft is a bigger risk than extortion. (IBM)

While ransomware has a widespread and devastating impact, it’s still not the top cause of cybersecurity incidents. If criminals gain access to your system, they’re more likely to leak or sell your data than hold it hostage.

AI will increase the volume and impact of ransomware attacks over the next two years.

Experts have calculated the probability of ransomware and predict we’ll see an uptick across 2024 and 2025. This is largely due to hackers using AI to automate attacks and enhance their current techniques.

potential impact of AI ransomware
The NCSC has released a report outlining the potential impact of AI ransomware.

However, the same experts believe we won’t see any new AI ransomware technology until at least 2025.

ybercriminals disable backups in a third of attacks. (Veeam)

Businesses often store a second set of files separately in case their data gets lost or corrupted. In response, hackers have begun to target these files more frequently during attacks.

Josh Amishav-Zlatin

“One of the more common trends we’re seeing is a focus on fundamentals such as having an up-to-date asset inventory and ensuring all devices are properly patched and locked down.

Using a password manager to generate credentials is crucial as well because it prevents people from reusing the same ones. As a bonus, these tools autofill login forms, which help you avoid phishing attacks.”

One of the most common attack vectors is leaked credentials. That’s why continuous dark web monitoring is essential. Having early warnings about leaked employee and customer logins enables you to reset everything before hackers exploit them.”

Josh Amishav, CEO and founder at Breachsense

New AI cybersecurity solutions promise to find and eradicate threats in under 60 seconds. (IBM)

Businesses need to act quickly to prevent attacks. IBM allows them to do this with its Storage FlashSystem and Storage Defender solutions, which detect anomalies in their systems.

Wrap Up

This decade has seen major fluctuations in the state of ransomware. As technology advances, individuals and companies are better able to protect their data — but only until criminals learn and adapt.

Ultimately, the only way to prevent ransomware attacks is by refusing to pay and making the crime unprofitable. This is easier said than done as governments have to convince businesses to endure financial hardship for the greater good.

AI could be the key to gaining an advantage over criminals. Its ability to quickly identify and mitigate threats could significantly reduce the likelihood of attacks globally.

Related reading:

Rhiannon is an experienced B2B SaaS content writer who specializes in reviews and comparisons to help readers make the most fully-informed choices.