Ransomware Statistics, Facts, and Trends of 2023

Ransomware is one of the most dangerous cyber attacks to businesses and consumers. This type of malware holds files and data hostage until a ransom is paid. Ransomware incidents can result in data loss, financial losses, and even ransomware payments. In order to protect your business from ransomware-based data breaches, it is important to understand ransomware statistics, ransomware trends, and the best practices for ransomware prevention. 

Ransomware hit the headlines the first time in 1989 when Joseph L. Popp distributed 20,000 floppy disks supposedly containing AIDS assessment software. Those disks installed dormant malware on a user’s computer. Once the computer had been turned on 90 times, the virus activated and locked all files on the computer’s C drive, displaying a message that the files would remain locked until a check was sent. In the last 30 years, the viruses and infiltration methods have become more complex and dollar amounts extorted higher, but the overall theme remains—ransomware holds your files and data hostage until you pay a ransom.

WannaCry. Cryptolocker. Zeus. BadRabbit. Their names seem cute, but these viruses cost consumers and businesses billions of dollars annually and put their data and reputations at risk.  

Key Ransomware Facts and Statistics

  • In 2021, ransomware attacks cost companies an estimated $11 billion. This is a significant increase from the $8 billion ransomware attacks cost companies in 2020.

  • Ransomware attacks are becoming more sophisticated, and ransomware developers are becoming more adept at extorting larger sums of money from their victims.

  • Despite the increasing cost of ransomware attacks, many companies are still not doing enough to protect themselves from ransomware infiltration with zero trust data management. Too often, ransomware victims pay the ransom without even attempting to recover their data through other means. This allows ransomware developers to continue victimizing businesses and individuals with impunity.

  • Ransomware incidents can also have other financial consequences. More than half of ransomware victims report experiencing additional financial costs, such as lost productivity and downtime, in addition to ransomware payments.

  • Tapping into the services of a managed service provider (MSP) can be an effective ransomware prevention strategy. MSPs have the resources to continuously monitor IT systems and swiftly respond to ransomware threats. They also provide valuable advice on ransomware prevention, such as creating backups of data regularly, patching software vulnerabilities quickly, and training personnel on how to identify potential ransomware attack and malicious software.

Ransomware Trends

The dollar amount requested by Popp’s ransomware was $189 per computer, and victims of the crime were limited. But ransomware has evolved over the years into a major criminal enterprise. 2020 was acknowledged by the US Justice Department as the “worst year ever” for ransomware, causing over $4 billion in losses. How common are ransomware attacks? The problem is so overwhelming that the Justice Department created a national task force to address it.

Along with a 20% rise in the number of attacks, payout requests have increased by over 200%, with some businesses being asked to pay tens of millions of dollars. Several other alarming trends have also emerged, including:

  • Ransomware as a Service (RaaS). Criminals don’t have to create their viruses anymore. Developers will create ransomware for a fee or share of the profits, creating a whole new industry that caters to ransomware.

  • Cryptocurrency. Extortion demands are more often being made for cryptocurrency, which is much more difficult to track and recover.

  • Spearphishing. The old method of sending millions (or more) generic phishing emails to lure the unsuspecting into clicking malicious links has also evolved. Cybercriminals now conduct targeted research on potential victims, enabling them to send emails that more closely appear to be from trusted senders. That research also allows them to know who has cyber insurance (and how much).

  • Ransomware infrastructure. Along with RaaS, dedicated infrastructure is growing to support ransomware, including “bulletproof” hosts who will refuse to take criminal users offline, as well as networks dedicated to helping criminals avoid anti-virus software and moving and hiding virtual currency payments.

  • Double extortion. There has been a marked increase in the threat to publicly release the data taken hostage if the ransom demands are not met. This increases the likelihood that a company will pay the ransom, particularly in industries with sensitive data—such as government, healthcare, and finance.

So, who is most at risk? Surprisingly, this big business seems to have more to gain from attacking small businesses.

Who’s at risk?

The risk to small businesses is high—with finance, health care, and online retailers most targeted. Small businesses made up over half of the ransomware attacks in 2020 and over half of small businesses have no resources to prevent them. Many small businesses, especially those stretched thin by the pandemic, simply can’t afford to pay. But the ransom can often be the least of their worries.

What’s at stake?

Aside from the ransom, ransomware poses other financial, safety, and reputational risks. Ransomware attackers know that time is critical. Business interruption—from complete shutdown to partial disruption—after an attack is, on average, 21 days. With servers shut down and computers offline, the financial losses can be tremendous, with retailers shutting their doors because registers don’t work and online retailers or finance institutions losing access to web services. Smaller businesses often can’t weather that much business disruption.

But safety is also a concern, with health clinics unable to check-in patients, retrieve health records or access equipment. Some data is lost forever. Even after paying a ransom, the average victim only recovers 65% of their data. All in all, the average cost for a US company in 2021—including ransom, downtime, recovery, lost opportunity and data, IT, etc.— is $1.85 million.

Are these ransomware facts worrisome? There are solutions.

Finding solutions

Many ransomware attacks target backups. Rubrik solutions help businesses detect an attack before it occurs and recover faster afterward. After an attack, Rubrik detects the scope of damage and quickly restores data, ensuring your business won’t suffer from lengthy downtimes and lost data. Rubrik backups can’t be encrypted or deleted, making them immune to ransomware. Contact Rubrik today for a demo and take the first steps to ensure you aren’t the next victim of ransomware.