Top 5 Ransomware Statistics

Cybercriminal gangs launch ransomware attacks to encrypt sensitive data from companies and extort a large ransom. Sometimes hackers even use a method called double extortion. They threaten the company to sell the stolen data online if the ransom is not paid. Meanwhile, cyberattacks with extortionist intentions are among the most dangerous threats to businesses. A look at various statistics shows how large the dimensions of this criminal scam are, as can be read at the security service provider Atlas VPN. 

1. hackers captured over 30 terabytes of sensitive data in 2022

Ransomware attacks have become increasingly efficient and devastating in their methods. Hackers stole more than 30 terabytes (TB) of personal and other sensitive data in 320 incidents in 2022, for example. The total number of ransomware attacks could be even higher. Many companies lack transparency in reporting incidents involving ransomware. In one prominent example, the largest semiconductor chip company, Nvidia, was hit by one of the largest ransomware attacks in the first half of 2022. Hackers from the group "Lapsus$" claimed to have stolen 1 TB of exfiltrated corporate data and demanded a ransom of $1 million. (Source)

2. ransomware volume doubles in 2021 and exceeds 600 million

If a company does not have its data secured in a cloud, it usually runs into big trouble in the event of an incident. Affected businesses either have to pay a hefty ransom or lose their data forever. Research has shown that global ransomware volume will increase by 105 % in 2021. (Source)

The total number of ransomware attacks is nearly 20 attempts per second in 2021. The U.S. is significantly more affected than any other country, with 421.5 million ransomware attacks (see below). Cybercriminals launched 34.2 million ransomware attacks in Germany and 33.5 million in the UK. No data is available on Switzerland. However, a study by British security provider Sophos shows that 60 percent of Swiss companies have fallen victim to a ransomware attack in 2021. And a Listing of the trade magazine inside-it.ch provides an insight into a few impressive cases and shows that SMEs are also affected.

3. over 70 % of organizations have been affected by two or more ransomware attacks in the last 12 months

Once the hackers know that the company has vulnerabilities they can exploit, they target it multiple times. According to a 2022 report from data security services provider Veeam, 73 % of organizations were affected by two or more ransomware attacks in the last 12 months. The majority - 44 % of incidents - occurred via phishing emails, links and websites.

One of the reasons ransomware is so successful is that companies keep paying ransom. A whopping 76 % of companies affected by ransomware in the last twelve months (January 2022 survey) paid the ransom. Yet nearly one in four companies (24 %) were unable to recover their data afterwards. (Source)

4. companies in Japan and the Netherlands paid the highest ransoms

Companies in Japan paid an average of nearly $4.3 million in the largest ransomware attacks in 2021. In addition, companies in the Netherlands paid an average of $2 million in ransom to cybercriminals (Source). In a survey of 5,600 IT professionals at mid-sized companies (100-5,000 employees) in 31 countries, 79 % of companies in the media, leisure and entertainment industry were affected by ransomware attacks in 2021. Retail is the second most common target of ransomware, with 77 % of businesses reporting having suffered an incident.

5. nearly half of global attacks target the U.S. in 2021

Ransomware can become a powerful weapon in the hands of cybercriminals that can cause financial and reputational damage to an organization. In 2021, 1,352 (48 % of all incidents) ransomware attacks targeted the United States. 146 attacks targeted French companies. In addition, companies in the industrial and energy, retail, and financial sectors were among the most threatened sectors. The industry and energy sector was affected by 599 ransomware incidents globally in 2021, while threat actors targeted retail companies in 545 attacks. (Source)