Facebook-f Linkedin-in Instagram Tiktok Youtube
Become An Affiliate
09
Jun

The Latest Ransomware Statistics & Trends [Updated 2025 ] | #ransomware | #cybercrime

0


Key Takeaways: 10 Key Ransomware Statistics
  • Ransomware victims say the most common reason for ransomware attacks (32%) is an exploited vulnerability, with compromised credentials coming in second place (29%). 2
  • Over 70% of ransomware incidents now involve encrypting the victim’s data. 2
  • The rate of ransomware attacks dropped marginally between 2023 (66%) and 2024 (59%).2
  • There was a significant spike in the average ransom payment in 2024, increasing from $1,542,330 in 2023 to $3,960,917 the following year. 2
  • Cybercriminals secured ransomware payments of more than $1 billion in cryptocurrency in 2023. 5
  • The FBI’s 2023 Internet Crime Survey revealed that healthcare was number one on the list of critical infrastructure sectors most affected by ransomware, with 249 reported cases. 7
  • Over 60% of organizations that involved law enforcement after a ransomware attack experienced less financial loss on average than the 37% that did not involve the authorities. 3
  • As of 2021, more than 130 different ransomware strains had been detected globally. 9
  • The proportion of ransomware victims that gave in to ransom demands dropped to an all-time low of 29% in Q4 of 2023. 4
  • Ransomware strains can now be categorized into more than 30,000 clusters. Clusters are batches of ransomware grouped together based on their similarities. 9

In the first half of 2023, the rate of ransomware attacks rose by 50% year on year, according to a report by the World Economic Forum (WEF) 15. Hackers have intensified ransomware attacks on physical supply chains and launched more creative attacks. To help you keep abreast of ransomware trends, we’ve compiled ransomware statistics from around the web. 

These statistics cover a wide range of topics. Whether you’re looking for information about ransomware payments, want to learn about costs incurred from ransomware attacks or would like insight into the different strains of ransomware, we’ve got you covered. These statistics will come in handy whether you’re trying to prevent ransomware attacks or recover from one. 

For more information on how to protect your data online, you can read our best online backup services and best password manager reviews. 

Ransomware statistics, by the numbers.

Ransomware statistics, by the numbers.

  • 07/28/2021

    Cloudwards.net updated and double checked this statistics article for accuracy, as well as added new images.

  • 01/15/2024

    Updated the article for clarity and structure.

  • 06/20/2024 Facts checked

    Article rewritten to include the latest statistics on ransomware. 

  • 01/16/2025

    We updated this statistics article to include our history of ransomware video.

  • 04/13/2025 Facts checked

    We’ve added the latest facts and figures for ransomware demands and payments, as well as tips for protecting yourself from ransomware attacks.

History of Ransomware

Ransomware is a type of malicious software that encrypts data in a computer system, rendering it inaccessible until a sum of money is paid. The year 2023 was record-breaking for ransomware groups.

The number of recorded ransomware victims increased by 55% to a total 5,070, a significant spike from the previous year, according to Cyberint’s 2023 Report. 19 Q2 and Q3 alone saw more victims than the whole of 2022, with 2,903 victims.

Why Ransomware Payments Are Never a Good Idea

In most cases, cybersecurity experts advise ransomware victims to not pay the ransom. Ransom payments provide ransomware attackers with the financial incentive to conduct future attacks. In some cases, ransomware victims become easy targets for other ransomware gangs when news spreads that they paid the ransom.

Additionally, paying the ransom does not guarantee that the ransomware gang will restore access to the victim’s data. A Sophos report shows that, on average, organizations that succumbed to ransomware demands regained access to just 65% of their data. 20 Only 8% regained access to all their data after payment.

Negotiating Ransom Amounts

Source: Sophos, State of Ransomware 2024

Data from the chart as a table
Paid Less 44 %
Paid More 31 %
Paid Original Demand 24 %

Paying the ransom can also lead to legal troubles. According to an advisory published by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) in October 2020, the U.S. government imposes penalties on ransomware victims who pay cybercriminals who work or live in countries subject to U.S. sanctions. 21

In cases where a company has no choice but to pay the ransom, experts recommend notifying the FBI or CISA. Gartner Analyst Paul Furtado revealed that companies now report ransomware attacks more than ever, even when they give in to ransom demands. 16 Law enforcement agencies can help ransomware victims track the incidents and prosecute the criminals.

Ransomware Attack Statistics

This section includes a list of general ransomware statistics that highlight the rate of ransomware attacks, the main reasons attacks succeed and the correlation between susceptibility to ransomware attacks and company revenue.

1. Ransomware Incidents Dropped 21% to 493.3 Million in 2022

Global Ransomware Volume by Year, in Millions

Data from the chart as a table
2017 183.6
2018 206.4
2019 187.9
2020 623.3
2021 493.3
2022

An “incident” is a single ransomware program discovered anywhere on a system. There was an average of 1,384 ransomware programs per customer at every impacted company worldwide.

This decrease in ransomware attacks was not evenly distributed. Though ransomware attacks decreased in general, major industries — including healthcare (8% increase), finance (41% increase) and education (275% increase) — experienced a continued increase, and attacks were higher at some points than at those same points the previous year. 1

2. The Rate of Ransomware Attacks Reported by IT Leaders Remained the Same in 2022 and 2023

In Sophos’s 2024 annual survey of IT leaders, 59% of respondents revealed that their organizations had suffered ransomware attacks. 2

3. There’s a Clear Correlation Between Susceptibility to Ransomware Attacks and Company Revenue

According to Sophos’s 2024 State of Ransomware report, ransomware is more common among companies with higher revenue. Half of organizations with a revenue of $10-$50 million were hit by a ransomware attack in 2023, and 67% of those generating revenue of more than $5 billion. 2

4. Exploited Vulnerabilities and Compromised Credentials Are the Two Top Causes of Ransomware Attacks

The most prevalent reason for ransomware attacks (32%) was an exploited vulnerability, with compromised credentials coming in second place (29%). These issues underscore the need for more robust security practices such as strong passwords, multi-factor authentication and regular software updates. 2

5. Most Ransomware Attacks Now Involve Data Encryption

70% of ransomware incidents now involve encrypting the victim’s data. 2

Ransomware Cost Statistics

Organizations that experience ransomware attacks may incur costs from paying the ransom, data recovery, productivity loss and reputation damage. The statistics in this section explore the costs incurred and the benefits companies can enjoy when they take the right steps after a ransomware attack.

6. Ransomware Costs Other Than the Ransom Itself Increased From 2023 to 2024

In 2024, the estimated mean ransomware recovery cost for organizations was $2.73 million, up from $1.82 million in 2023 and $1.4 million in 2022. 2

Mean Recovery Cost, in Millions

Data from the chart as a table
2022 1.4 $
2023 1.82 $
2024 2.73 $
7. Using Backups to Recover From a Ransomware Attack Is Significantly Cheaper Than Paying the Ransom

According to Sophos’s 2024 survey, organizations that used backups to recover from ransomware incurred a median recovery cost of $750,000, compared to the $3 million average ransom demand. 2

8. Ransomware Attacks Have a Considerable Impact on Business

In 2023, 84% of private-sector organizations said they had lost business or revenue due to a ransomware attack. The financial repercussions can entail direct costs incurred from paying the ransom as well as indirect costs incurred due to business crisis, downtime and credibility loss. 2

9. Involving the Authorities After Ransomware Attacks Has Been Linked to Cost Savings

Over 60% of organizations involved law enforcement after a ransomware attack. These organizations experienced less financial loss than the 37% who did not involve the authorities. Working with law enforcement led to an average ransomware cost of $4.64 million, while not involving law enforcement led to an average ransomware cost of $5.11 million. 3

Ransomware Payment Statistics

Though ransomware attacks are on the rise, fewer companies are paying ransoms. This may be due to increased awareness of the futility of paying ransoms and the tendency of ransomware gangs to keep holding data hostage even after the ransom has been paid.

10. The Average Ransom Payment in 2023 Was Almost Twice That of 2022

There was a significant spike in the average ransom payment in 2023, increasing from $1,542,333 in 2023 to 3,960,917 in 2024. 2 Despite fewer ransoms being paid overall, they are becoming so large that the average is still increasing.

Ransomware Payments: 2022

Data from the chart as a table
>$1K 11
$1K->$5K 5
$5K->$10K 5
$10K->$20K 8
$20K->$50K 12
$50K->100K 14
$100K->$250K 17
$250K->$500K 13
$500K->$1M 6
$1M->$5M 7
$5M+ 4

Ransomware Payments: 2023

Data from the chart as a table
>$1K 4 %
$1K->$5K 2 %
$5K->$10K 6 %
$10K->$20K 6 %
$20K->$50K 7 %
$50K->100K 9 %
$100K->$250K 10 %
$250K->$500K 10 %
$500K->$1M 6 %
$1M->$5M 27 %
$5M+ 13 %
11. Despite Average Payments Increasing in 2023, the Fourth Quarter Saw a Substantial Decrease to $568,705

This reflects a 33% decrease compared to the average ransom payment in Q3 of 2023. Two occurrences that may have caused this decrease are a 32% drop in the median size of organizations impacted by an attempted ransomware attack and a resurgence of smaller actor groups who lost some presence in Q3 of 2023. 4

12. There Was a Sharp Decrease in the Proportion of Ransomware Victims That Gave in to Ransom Demands in Q4 of 2023

This proportion dropped to an all-time low margin of 29%. Two key drivers of this trend are companies’ increasing capability of recovering fully or partially from ransomware attacks using their own backups and security measures, and the data-driven decision to not pay the ransom without evidence that the cybercriminals will keep their word. 4

13. Cybercriminals Secured Ransomware Payments of More Than $1 Billion in Cryptocurrencies in 2023

This record high amount can be attributed to the increased concentration of ransomware attacks targeted at notable institutions, including government organizations, healthcare facilities and banks. In 2023, the BBC, British Airways and Aer Lingus were all impacted by attacks on the file transfer software MOVEit. 5

Statistics on Ransomware Targets by Industry

Ransomware attacks occur in different ways in various industries based on the quality of their backup systems, the sensitivity of the data in their possession and their level of dependence on digital systems. 

14. Construction, Finance and Manufacturing Experienced the Highest Rates of Ransomware Attacks Between January 2022 and January 2023

The construction industry had the highest number of ransomware cases during this period, with 142, followed by finance with 123 cases and manufacturing with 121 cases. Though ransomware targets organizations in a wide range of industries, the most susceptible ones are major players in supply chains and manage large amounts of customer data. 6

Top 10 Industries Targeted by Ransomware, 2023

Data from the chart as a table
Construction 142
Finance 123
Manufacturing 121
Tech 116
Business services 99
Transportation 91
Public sector 78
Consumer services 77
Retail 77
Education 67
15. Healthcare Was the Worst-Hit Critical Infrastructure Sector in 2023

The 16 critical infrastructure sectors of the United States manage assets, systems and networks that play a vital role in national security, the economy and public health and safety. The FBI’s 2023 Internet Crime Survey revealed that healthcare was number one on the list of critical infrastructure sectors most affected by ransomware, with 249 reported cases. 7

Healthcare institutions are at a higher risk of ransomware attacks due to their extensive collections of sensitive patient data, legacy systems and limited resources. In addition, the urgent nature of caring for patients means they often give in to ransom demands to recover data immediately, making them lucrative targets for cybercriminals. 

16. Manufacturing, Healthcare and Retail/Wholesale Accounted for the Most Ransomware Attack Cases Globally in Q1 of 2024

The manufacturing industry felt the biggest impact, comprising 29% of all attack cases and seeing almost double the reported year-on-year increase in attacks.

In second place was the healthcare industry, which accounted for 11% of attacks and saw a 63% year-on-year increase in attacks. Compared to manufacturing and healthcare, retail/wholesale experienced 8% of these attacks. 8

17. The Communications Sector Accounted for the Highest Year-on-Year Increase in Ransomware Attacks in Q1 of 2024

Communications firms faced a 177% year-on-year increase in cyberattacks, though they comprised just 4% of the reported attacks in the first quarter of 2024. 8 The phone and internet industries are tempting targets for ransomware attacks due to the vast amounts of sensitive information they store and manage.

Ransomware Family Statistics

A ransomware family or strain refers to a unique variant or version of ransomware. Ransomware families differ based on the attack techniques and encryption used, and the ransom demands that are made.

18. As of 2021, More Than 130 Different Ransomware Families Had Been Detected Globally

The GandCrab ransomware family comprised a significant portion of the samples received, accounting for 78.5%, according to a 2021 VirusTotal report. GandCrab ransomware was first discovered in 2018 and was the most prevalent ransomware that year. 9 Cybercriminals often distribute it through spam emails and exploit kits.

GandCrab stands out from many other ransomware strains because it doesn’t require any admin privileges to execute its attacks. However, like most ransomware strains, you can mitigate it by backing up your files, avoiding sketchy email attachments and links, and keeping your system up to date.

Data from the chart as a table
Gandcrab 78.5 %
Babuk 7.61 %
Cerber 3.11 %
Matsnu 2.63 %
Wannacry 2.41 %
Congur 1.52 %
Locky 1.29 %
Teslacrypt 1.12 %
Rkor 1.11 %
Reveton 0.7 %
19. Most Operating Systems Targeted by Various Ransomware Families Are Windows-Based Files

Of all the samples submitted during the VirusTotal survey, 95% were Windows-based executable files. 9 This may indicate that cybercriminals find Windows platforms to be an easy target. 

20. Ransomware Strains Can Be Categorized Into More Than 30,000 Clusters

The set of samples VirusTotal selected for the analysis can be categorized into more than 30,000 different clusters based on similar traits. When there are a lot of ransomware strains within a single cluster, it can be challenging to identify the exact strain used during an attack. 9

Recent Ransomware News

In this section, we highlight recently reported ransomware attacks to illustrate how they often play out. 

21. Change Healthcare

On Feb. 21, 2024, UnitedHealth subsidiary Change Healthcare suffered a ransomware attack that disrupted administration at hospitals and pharmacies for over a week. The attack, which Russia-based ransomware gang ALPHV (or BlackCat) perpetuated, cost UnitedHealth $872 million, not including the ransom itself. 10

In a recent hearing before the U.S. Senate Committee on Finance, United Health CEO Andrew Witty revealed that the company paid a $22 million ransom to ALPHV. 10

22. Omni Hotels & Resorts

On April 14, 2024, Omni Hotels & Resorts corroborated reports that it had been hacked by the Daixin Team ransomware group, which compromised some of its data. According to reports, the Daixin Team demanded $3.5 million in ransom but reduced it to $2 million during negotiations. 11

The ransom reduction indicates that Omni Group may have had good backups, according to Narayana Pappu, Chief Executive Officer at Zendata. There’s no indication of whether they paid the ransom, though. 11

23. Huber Heights, Ohio

In November 2023, officials in the Huber Heights suburb of Dayton, Ohio, revealed that the town had been hit by a ransomware attack that compromised the personal information of almost 6,000 people and affected major operations.

Not many details were disclosed, including the ransomware group responsible for the attack, whether they demanded a ransom or whether the city agreed to pay. However, it was revealed that the Huber Heights City Council sanctioned an investment of about $800,000 in data recovery. 12

24. Ardent Health Services

Ardent Health Services, a healthcare chain comprising 30 hospitals located in six states, suffered a ransomware attack on Nov. 23, 2023. The attack forced Ardent to redirect its patients from several emergency rooms to other hospitals and cancel certain elective procedures. 

In a series of updates posted on its website, Ardent revealed that it had restored access to its electronic medical record platform and its patient portal, and was in the process of restoring all systems impacted by the attack. Ardent Health Services didn’t disclose the ransomware group responsible for the attack, and there’s no indication of whether it paid the ransom. 13

25. The Global Lutheran Organization

On Dec. 28, 2023, the World Council of Churches (WCC), a fellowship of multiple Christian sects, revealed that it had been the victim of ransomware. On Jan. 5, 2024, the Rhysida ransomware gang took responsibility for attacking the Lutheran World Federation, one of the WCC’s members. 14

It stated a demand for six bitcoins, currently worth about $390,000. WCC General Secretary Professor Jerry Pillay revealed that operations would continue as normal and that the fellowship had no plans of paying the ransom. 14

How to Protect Yourself From Ransomware Attacks

Conducting regular data backups is one of the most effective ways to recover from a ransomware attack without paying the ransom. With up-to-date data backups, you can wipe your computer clean and restore it to its pre-attack state. For a detailed review of the best cloud backup services, read our guide to the best cloud backup.

You can back up your data to the cloud or an external hard drive. A good rule of thumb for organizations is to back up the most important data at least once a day. Implement access controls on all devices to ensure users only have access to the resources they need. This also constrains the amount of data that cybercriminals can exploit in the event of an attack.

Another effective security measure is multi-factor authentication (MFA) — read our multi-factor authentication guide to learn more. MFA means that a single compromised password will not leave your systems vulnerable unless the threat actors have also stolen the right hardware.

When you enable multi-factor authentication, users will only be able to access your data on the condition that they provide two or more authentication identifiers, such as a password/PIN, smart card, physical token, fingerprint or iris.

You can also consider investing in cyber insurance that specifically covers ransomware incidents, though be aware that insurers increasingly require organizations to implement specific security controls before providing coverage.

For more security measures that work against ransomware attacks, read our ransomware protection article. 

Final Thoughts

The insights you gain from these statistics can help you effectively mitigate ransomware attacks. Remember to regularly back up your data, implement multi-factor authentication (MFA) and update all your software components to their latest versions. For more statistics like these, check out our cybersecurity statistics and extended reality statistics articles.

What are your thoughts on these ransomware statistics? What steps are you taking to protect yourself from ransomware? Let us know in the comment section below, and as always, thanks for reading. 

FAQ: Ransomware Statistics

  • A total of 5.5 billion instances of malware were discovered in 2023. Not all malware breaches involve ransomware. [1]

  • Ransomware is more prevalent among organizations than individuals, with 72% of businesses globally stating that they have experienced ransomware attacks. [18]

  • An IBM Security X-Force Threat Intelligence Index 2023 report showed that ransomware attacks accounted for 17% of cyberattacks in 2022. [17]

  • WannaCry is a ransomware strain that was released in 2017, targeting Windows-based computers globally. Cybercriminals encrypted the data on those devices and held it for ransom.

Sources:

  1. 2023 Cyber Threat Report — SonicWall
  2. The State of Ransomware 2024 — Sophos
  3. Cost of a Data Breach Report 2023 — IBM
  4. New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying — Coveware
  5. Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline — Chainanalysis
  6. Ransomware statistics: Who is targeted the most? — NordLocker
  7. Internet Crime Report — Federal Bureau Of Investigation
  8. Shifting Attack Landscapes and Sectors in Q1 2024 with a 28% increase in cyber attacks globally — Check Point
  9. Ransomware in a Global Context  — Virustotal
  10. UnitedHealth Group Reports First Quarter 2024 Results — UnitedHealth Group
  11. OMNI HOTELS & RESORTS UPDATE ON RECENT CYBER ATTACK — Omni Hotels
  12. Ohio city reveals nearly 6,000 affected by recent ransomware attack — State Scoop
  13. Ransomware attack prompts multistate hospital chain to divert some emergency room patients elsewhere — Associated Press
  14. WCC hit by ransomware attack — World Council of Churches
  15. 3 trends set to drive cyberattacks and ransomware in 2024 — World Economic Forum
  16. Ransomware in Midsize Enterprises – Gartner
  17. What is ransomware? — IBM
  18. Cyberthreat Defense Report 2023 — CyberEdge Group
  19. Ransomware Recap 2023 Report – Cyberint
  20. The State of Ransomware 2024 – Sophos
  21. Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments – Department of the Treasury




Source link

.........................

Facebook-f Linkedin-in Instagram Tiktok Youtube
Our Products
Company
Other Links

Copyright 2005 – 2025 National Cyber Security

National Cyber Security

FREE
VIEW