With the potential to significantly disrupt business operations and cause reputational and financial damage, ransomware remains one of the most persistent cyber threats worldwide. This type of malware encrypts files containing sensitive information, after which the attackers demand a ransom payment. The nature of ransomware attacks varies, depending on the kind of organization attacked and the intent behind the attack. Often, the motivation for a ransomware attack is financial gain; sometimes, the main goal is to disrupt operations, causing downtime and reputational harm. Some threat actors deploy other attacks alongside ransomware, such as distributed denial of service (DDoS), to create additional pressure on the victim.
In 2022, roughly 68 percent of cyberattacks reported worldwide were ransomware. In the fourth quarter of 2022, nearly 155 million ransomware attacks were detected worldwide. As of 2023, the highest share of companies victimized by ransomware were in Singapore and Austria, while the United States ranked first by the number of such attacks.
Types of ransomware attacks
In the second quarter of 2023, BlackCat and Black Basta were the leading ransomware variants, with a 15.5 percent market share. In 2022, the Stop/Djvu Trojan topped the list of the most commonly encountered ransomware Trojans, with over 16 percent of encounters. This Trojan locks the victim's data on computers running Windows. The second most commonly encountered ransomware Trojan was WannaCry, encountered by 12 percent of users worldwide.
In recent years, a business model called Ransomware as a Service (RaaS) has emerged. In this model, threat actors develop new malicious software and sell access to it to others. This allows less sophisticated actors, called affiliates, to launch ransomware attacks independently.
Targeted industries
Ransomware attacks usually target mission-critical institutions and organizations, such as healthcare, finance, manufacturing, and government organizations. In some cases, along with other impacts, ransomware attacks cause higher mortality rates in healthcare institutions. As manufacturing includes various kinds of production, such as metal products, automotive, and industrial equipment, it is also a sector highly targeted by ransomware.
Financial institutions are also targeted quite often. In this case, the attackers still intend to steal money and a huge amount of sensitive user data. In 2022, of 1,829 cyber incidents in financial institutions worldwide, 477 resulted in the leakage of sensitive data.
The average amount of ransom payments increased
In the second quarter of 2023, 34 percent of ransomware attacks on organizations worldwide resulted in a ransom payment, down from 45 percent in the previous quarter. Despite this, the average amount of ransom paid more than doubled during the same period, going from nearly 328 thousand U.S. dollars in the first quarter of 2023 to over 740 thousand U.S. dollars in the second quarter of 2023.
The beginning of the ransomware epidemic
In May 2017, computers using the Microsoft Windows operating system were targeted by the WannaCry ransomware attack. Attackers used the EternalBlue exploit, developed by the United States National Security Agency (NSA). The attack spread fast, infecting around 300,000 computers. The investigation found that a significant part of the spread occurred because patches released by Microsoft had not been installed. The attack was stopped a few hours after the launch and became what security experts call “the beginning of a ransomware epidemic.”