{"id":12114,"date":"2024-10-14T11:33:30","date_gmt":"2024-10-14T15:33:30","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=12114"},"modified":"2025-07-17T10:45:19","modified_gmt":"2025-07-17T14:45:19","slug":"ransomware-statistics","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/ransomware-statistics\/","title":{"rendered":"20 Ransomware Statistics You\u2019re Powerless to Resist Reading [Updated for 2024]"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"ibm-reports-that-ransomware-attacks-cost-organizations-an-average-of-462-million-per-breach-in-2021-\u2014-a-cost-that-doesn\u2019t-include-the-ransom-demand-itself-read-on-to-learn-more-about-this-and-other-ransomware-statistics\">$4.91 million \u2014 that\u2019s what <a href=\"https:\/\/www.ibm.com\/reports\/data-breach\">IBM\u2019s 2024 report<\/a> indicates is the average cost of a ransomware attack. But this ransomware statistic doesn\u2019t include the cost of the ransom demand itself, which could cost tens of millions!<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em>Editor\u2019s Note:<\/em><\/strong><em>&nbsp;This ransomware statistics article was originally published in February 2020. The content was updated in May 2022 and again in October 2024 with new statistics, data, and content.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s kick off our ransomware statistics list with one gut-wrenching number:&nbsp;<strong>$75 million.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On its face, this number may not seem all that devastating, but this is the amount <a href=\"https:\/\/zscaler.com\/campaign\/threatlabz-ransomware-report\">Zscaler reports<\/a> a single company reportedly paid the Dark Angels <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-ransomware-how-does-ransomware-work\/\">ransomware<\/a> gang. 
Again, this amount was the ransom that was paid to the threat actors \u2014 this isn\u2019t even representative of other costs the company faced as a result of the ransomware attack!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To put this in perspective, this single ransom payment is the equivalent of Serbia\u2019s GDP value (according to <a href=\"https:\/\/data.worldbank.org\/indicator\/NY.GDP.MKTP.CD\">2023 data from the World Bank Group<\/a>). Knowing this, we\u2019ll explore other ransomware statistics that help put this thriving criminal enterprise into perspective.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:140.667px;--tl-form-height-t:118.1042px;--tl-form-height-d:118.1042px;\" class=\"tl-placeholder-f-type-shortcode_12779 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"ransomware-statistics-you-should-know-in-2022-and-beyond\">Ransomware Statistics You Should Know in 2024 and Beyond<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019ve broken down these ransomware statistics into smaller sub-lists relating to ransomware costs (yeah, we know that\u2019s mainly why you\u2019re here), the breakdown of industries being targeted, and ways that organizations are fighting back. 
<\/p>\n\n\n\n<div class=\"wp-block-advanced-gutenberg-blocks-notice is-variation-info has-icon\" data-type=\"info\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><circle cx=\"12\" cy=\"12\" r=\"10\"><\/circle><line x1=\"12\" y1=\"16\" x2=\"12\" y2=\"12\"><\/line><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"8\"><\/line><\/svg><p class=\"wp-block-advanced-gutenberg-blocks-notice__title\">Just Want the Highlights?<\/p><p class=\"wp-block-advanced-gutenberg-blocks-notice__content\">Jump straight to the <a href=\"#tldr\">TL;DR section<\/a> to get the highlights from this ransomware statistics list.<\/p><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ransomware-statistics-the-costs-of-ransomware-attacks\">Ransomware Statistics: The Costs of Ransomware Attacks<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This year alone, we\u2019ve seen record-breaking ransom payments. But these aren\u2019t the only costs businesses face as a result of ransomware attacks. There are direct and indirect costs relating to mitigation and recovery efforts, and those amounts vary based on the scope of the attacks and each company\u2019s level of preparedness to deal with such situations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regardless of whether a company <a href=\"https:\/\/www.reuters.com\/technology\/alliance-40-countries-vow-not-pay-ransom-cybercriminals-us-says-2023-10-31\/\">chooses to pay a ransom<\/a>, reaches out to law enforcement, or tries to deal with the situation themselves without the help of law enforcement, it\u2019s still going to cost them a lot, both in terms of money and reputational harm. 
And those costs continue to increase when attackers go beyond the traditional extortion methods and publish or sell exfiltrated data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s explore some of the most notable ransomware statistics relating to direct and indirect costs of these attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>1. Unpatched Vulnerabilities Lead to 4X Higher Recovery Costs<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Data from <a href=\"https:\/\/www.sophos.com\/en-us\/content\/state-of-ransomware\">Sophos\u2019s State of Ransomware 2024 survey report<\/a> indicates that organizations whose ransomware attacks began with unpatched vulnerability exploits experienced slower recovery times and recovery costs that were four times higher than those of organizations whose attacks stemmed from compromised credentials.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sophos researchers share that 99% of the survey respondents indicated that they could identify how the attacks started. 
Here\u2019s an overview of how the identified ransomware attacks started over the past two years:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"611\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-1024x611.png\" alt=\"Ransomware attack root causes -- data source Sophos\u2019s State of Ransomware 2024 report\" class=\"wp-image-18043\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-1024x611.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-300x179.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-768x458.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-1536x917.png 1536w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-2048x1223.png 2048w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-attack-root-causes-shadow-400x240.png 400w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: Sophos\u2019s State of Ransomware 2024 report. Looking for earlier data? Sorry, they didn\u2019t publish any in their earlier reports!<\/em><\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">2. Ransomware Costs Nearly $60 Million in Adjusted Losses in 2023<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">A total of 2,825 ransomware attacks were reported to the <a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2023_IC3Report.pdf\">FBI\u2019s Internet Crime Complaint Center (IC3) in 2023<\/a>. 
While the number of complaints received that year was down from the number reported in 2021 (3,729), the adjusted losses associated with this attack method were more than $10 million higher, coming in at $59,641,384 in 2023.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, keep in mind that these adjusted losses don\u2019t account for some indirect and direct costs, such as lost business opportunities, equipment, files, time, wages, or third-party remediation costs. Furthermore, the FBI indicates that it\u2019s an \u201cartificially low overall ransomware loss rate\u201d for several reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>some incidents never get reported at all,<\/li>\n\n\n\n<li>some reports didn\u2019t even include a loss amount, and<\/li>\n\n\n\n<li>these reported numbers only include reports made directly to the IC3 (not FBI field offices or agents).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3. Change Healthcare Forked Out a $22 Million Ransom Payment to No Avail<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The United Healthcare subsidiary paid out big bucks in response to <a href=\"https:\/\/www.wired.com\/story\/alphv-change-healthcare-ransomware-payment\/\">BlackCat\/AlphV&#8217;s ransom demand<\/a> in exchange for keeping their stolen data secret. However, that obviously didn&#8217;t pan out, as the payment did nothing to stop RansomHub threat actors from <a href=\"https:\/\/www.axios.com\/2024\/04\/16\/change-healthcare-data-leak-ransomware\">publishing the exfiltrated information<\/a> anyhow.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4. Involving Law Enforcement Decreases Ransomware Costs by 20%+<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Not sure whether you want to involve law enforcement in your ransomware situation? 
Doing so is advantageous from both breach resolution speed and financial perspectives.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Data from IBM\u2019s 2024 Cost of a Data Breach report (we linked to it at the beginning of the article) indicates that the average cost of a breach involving ransomware attacks is lower for organizations that choose to involve law enforcement. In 2024, that difference was approximately $1 million!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"612\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-1024x612.png\" alt=\"Data source: IBM's 2024 Cost of a Data Breach report. This chart shows the difference between costs when law enforcement is and isn't involved in a ransomware attack. \" class=\"wp-image-18044\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-1024x612.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-300x179.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-768x459.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-1536x918.png 1536w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-2048x1223.png 2048w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/impact-of-law-enforcement-ransomware-costs-shadow-460x276.png 460w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Data source: This graphic is based 
on data from IBM\u2019s 2024 Cost of a Data Breach.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Something to keep in mind, of course, is that these averages don\u2019t include ransom payment costs.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">5. Attacks Not Involving Authorities Took 16 Extra Days to ID &amp; Contain<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Not all ransomware costs are strictly financial. It\u2019s also a matter of the time and resources you have to dedicate to dealing with the issue at hand. With this in mind, let\u2019s consider the mean-time-to-identify (MTTI) and mean-time-to-contain (MTTC) aspects of ransomware attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">IBM reports in its 2024 Cost of a Data Breach report that organizations that chose to involve law enforcement identified and contained attacks more than 2 weeks faster than their DIY counterparts:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>281 days: <\/strong>This is the average number of days it took to identify (213 days) and contain (68 days) a breach when law enforcement was involved.<\/li>\n\n\n\n<li><strong>297 days:<\/strong> This stat marks the amount of time it took to identify (220 days) and contain (77 days) a ransomware attack when law enforcement wasn\u2019t involved.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ransomware-statistics-most-popular-targets-for-attackers\">Ransomware Statistics: A Look at Ransomware as a Business Model<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">It certainly shouldn\u2019t come as a shock that ransomware, much like other types of cybercrime, is a booming business. In a ransomware attack, bad guys use their collective evil to extort money from private individuals, companies, and public entities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With that in mind, let\u2019s take a closer look at ransomware from a business perspective.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">6. 
Ransomware Actors Received $1.1 Billion in Ransom Payments in 2023<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Unfortunately, bad guys were makin\u2019 bank in 2023. <a href=\"https:\/\/www.chainalysis.com\/blog\/2024-crypto-crime-mid-year-update-part-1\/\">Chainalysis reports<\/a> that ransomware payments skyrocketed from $567 million in 2022 to surpass $1 billion in 2023. That\u2019s nearly the entire <a href=\"https:\/\/metra.com\/newsroom\/no-fare-increases-metras-proposed-11b-operating-budget-2025\">2025 proposed operating budget for the Metra commuter rail system<\/a>, which provides services for Chicago and the six-county surrounding area of Illinois.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">7. Ransomware Inflows Reach Nearly $450 Million in 1H 2024<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Chainalysis reports that although aggregate illicit activity has dropped nearly 20% year-to-date, ransomware is one of two categories that are seeing these transactions increasing. Ransomware increased approximately 2% from $449.1 million to $459.8 million in the first half of 2024.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Want some good news? In its report, Chainalysis indicates that the ransomware ecosystem has been experiencing a shakeup and fragmentation as a result of law enforcement actions against major players like LockBit and Blackcat\/ALPHV.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">8. One Crypto Company Associated with $51M+ in Ransomware Attacks<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">According to a September <a href=\"https:\/\/www.fincen.gov\/news\/news-releases\/treasury-takes-coordinated-actions-against-illicit-russian-virtual-currency\">press release<\/a> from the Financial Crimes Enforcement Network, the U.S. Office of Foreign Assets Control (OFAC)&nbsp;slapped sanctions on Cryptex, a virtual currency exchange organization registered under the name \u201cInternational Payment Service Provider\u201d in St. 
Vincent and the Grenadines.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cryptex is associated with ransomware attackers and other cybercriminals operating in Russia and is thought to have played a role in more than $720 million in transactions related to other types of cybercrime.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">9. Attackers Can Exfiltrate Data in as Little as 2 Days<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">In our <a href=\"https:\/\/www.thesslstore.com\/blog\/phishing-statistics\/\">phishing statistics<\/a> article from earlier this year, we shared some disturbing data from <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/research\/unit-42-incident-response-report\">Palo Alto Networks\u2019 Incident Response Report 2024<\/a>. In the report, researchers shared that cybercriminals have figured out how to shorten the time it takes them to exfiltrate data in a ransomware attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It no longer takes more than a week between the time data gets compromised and the time bad guys exfiltrate it; the median time between compromise and exfiltration dropped from 9 days in 2023 to 2 days in 2024!<\/p>\n\n\n<span style=\"--tl-form-height-m:966.781px;--tl-form-height-t:989px;--tl-form-height-d:989px;\" class=\"tl-placeholder-f-type-shortcode_12768 tl-preload-form\"><span><\/span><\/span>\n\n\n<h4 class=\"wp-block-heading\">10. Ransomware-as-a-Service Subscriptions Cost as Little as $40\/Month<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Ransomware-as-a-service (RaaS) creates a bit of an unusual situation for cyber defenders: the person carrying out the cyber attack might not be the same individual who created the malware. <a href=\"https:\/\/www.ibm.com\/topics\/ransomware-as-a-service\">According to IBM<\/a>, bad guys often peddle their ransomware tools and services, packaging them as so-called RaaS kits. 
&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ransomware attacks are no longer one-person operations; they\u2019re often partnerships involving multiple individuals or networks of individuals (operators, affiliates, etc.). For obvious reasons, this can make it trickier for cybersecurity experts to figure out who is responsible for ransomware attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">11. RaaS Affiliates Can Get Commissions Upwards of 90%<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">As mentioned, RaaS is changing, and cyber defenders often have outdated perceptions about this booming cybercrime industry.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the past, many RaaS incidents involved developers who created and sold malicious software, and affiliates who spread it and extorted companies and individuals for ransom payments. The subscription model was a common approach, and these opportunities still exist on the dark web.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, things have evolved over the past few years. Martin Zugec, technical solution director at BitDefender, likens the modern RaaS model we\u2019re now seeing to a cybercrime version of the \u201cgig economy model\u201d: <a href=\"https:\/\/www.techradar.com\/pro\/unlearning-the-raas-model-how-ransomware-attacks-are-evolving\">it\u2019s all about profit-sharing<\/a>. 
Check out a previous presentation by Zugec on the \u201cTop 10 Myths and Misconceptions About Ransomware\u201d:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"[Webinar] Top 10 Myths and Misconceptions about Ransomware\" width=\"960\" height=\"540\" src=\"https:\/\/www.youtube.com\/embed\/B05cpQBKEbY?start=148&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">So, how much can these threat actors make? In this profit-sharing model, affiliates pocket the higher percentages of the profits \u2014 upwards of 90%, <a href=\"https:\/\/www.recordedfuture.com\/research\/ransomhub-draws-in-affiliates-with-multi-os-capability-and-high-commission-rates\">according to Recorded Future<\/a> \u2014 while operators make the lesser percentage.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ransomware Statistics: Who (or What) Are the Targets?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Simply knowing the costs of ransomware attacks isn\u2019t enough. It\u2019s just as important to know who or what threat actors are targeting in the first place.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It doesn\u2019t matter whether it\u2019s a private citizen, a politician, a mom-and-pop business, or even a multi-national conglomerate \u2014 ransomware can affect anyone and everyone. However, some specific industries do make more attractive targets than others\u2026<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Determining which industries are the \u201cmost targeted\u201d varies based on the data source you\u2019re looking at.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">12. 
249 Ransomware Complaints Make Healthcare\/Public Health Most Targeted Critical Infrastructure Sector<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Data from the FBI IC3\u2019s 2023 Internet Crime Report (cited earlier) shows that the Healthcare and Public Health sector took home the gold in the sense of being the most affected sector. It was closely followed by Critical Manufacturing.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"612\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-1024x612.png\" alt=\"FBI IC3 critical infrastructure ransomware attack data\" class=\"wp-image-17802\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-1024x612.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-300x179.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-768x459.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-400x240.png 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow-460x276.png 460w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2024\/05\/fbi-ic3-critical-infrastructure-sectors-shadow.png 1036w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Graph caption: This graphic is based on data reported in the FBI IC3\u2019s Internet Crime Reports (<\/em><a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2021_IC3Report.pdf\"><em>2021<\/em><\/a><em>,&nbsp;<\/em><a href=\"https:\/\/www.ic3.gov\/Media\/PDF\/AnnualReport\/2022_IC3Report.pdf\"><em>2022<\/em><\/a><em>, and 2023). 
This list focuses solely on the 14 critical infrastructure sectors that had \u201cat least 1 member that fell to a ransomware attack\u201d in each of the reporting years listed above<\/em>.<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s no secret that bad guys love to cause havoc. A particularly great way to achieve this goal is to target critical infrastructure because they know it\u2019ll be the most challenging and cause the most mayhem. (This underscores the growing need for enhanced <a href=\"https:\/\/www.thesslstore.com\/blog\/critical-infrastructure-protection-securing-essential-systems-against-cyber-threats\/\">critical infrastructure protection<\/a>.) One such recent healthcare-focused ransomware attack targeted the <a href=\"https:\/\/www.umchealthsystem.com\/it-outage\/\">University Medical Center (UMC) Health System<\/a>:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><em>\u201cUMC Health System recently detected unusual activity within our IT systems. Immediately after detecting this activity, our teams launched an investigation and took steps to proactively disconnect our systems to contain the incident.&nbsp;Through the ongoing investigation, we determined that the unusual activity was connected to a ransomware incident. UMC healthcare facilities remain open for existing inpatients and UMCP clinics also remain open. We are accepting patients via ambulance and only diverting a very select number of patients until all of our resources are fully functioning.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\">13. 
47% of Ransomware Victims Are Smaller Organizations (&lt;$10M in Revenue)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Data from Sophos\u2019s earlier-cited 2024 ransomware report indicates that even smaller organizations (i.e., those with less than $10 million in revenue) often found themselves in cybercriminals\u2019 sights in the last year. So, while the data shows that larger organizations with higher revenue were more likely to be targeted, it doesn\u2019t mean that smaller ones are out of the woods. &nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">14. 9 in 10 Ransomware Attacks Involved Targeting Data Backups<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/assets.sophos.com\/X24WTUEQ\/at\/539j6fwcmx6wk6whnhxc47\/sophos-the-impact-of-compromised-backups-on-ransomware-outcomes-wp.pdf\">Separate research from Sophos<\/a> shows that an average of 94% of the survey respondent organizations that fell prey to ransomware indicated the attackers actively tried to \u201ccompromise their backups\u201d during the assaults.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is particularly troubling when you consider that data backups are only one of two ways that businesses can get back their data in a ransomware attack \u2014 the other method involves paying the attackers (which often won\u2019t do you any good or can <a href=\"https:\/\/ofac.treasury.gov\/media\/912981\/download?inline\">land you in hot water with the U.S. 
Office of Foreign Assets Control<\/a> [OFAC]).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sophos\u2019s report \u201cThe Impact of Compromised Backups On Ransomware Outcomes\u201d shares that the industry that boasted the lowest number of compromise attempts was Distribution and Transportation, with \u201conly\u201d 82% of the ransomware attacks involving such attempts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Wondering which five industries faced the most attempts to compromise their backups?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Entertainment, Leisure, and Media (99%)<\/li>\n\n\n\n<li>Local\/State Government (99%)<\/li>\n\n\n\n<li>Energy, Gas\/Oil, and Utilities (98%)<\/li>\n\n\n\n<li>Business and Professional Services (98%)<\/li>\n\n\n\n<li>Central\/Federal Government (98%)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">But the bad news doesn\u2019t stop there\u2026<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">15. Backups Were Impacted by Ransomware Attackers 76% of the Time<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Data from <a href=\"https:\/\/go.veeam.com\/ransomware-trends-executive-summary-2024\">Veeam\u2019s 2024 Ransomware Trends Report<\/a> shows that more than 3 in 4 ransomware events involved threat actors successfully impacting backup repositories. On average, Veeam researchers indicate that 43% of data affected by ransomware attacks isn\u2019t recoverable.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But you know what the scarier part is? Their data shows that only 37% of survey respondents indicated that they\u2019d use a sandbox or other quarantine method when restoring their data. 
The rest admitted that they \u201crestored directly back into their production environment\u201d \u2014 no scans, no quarantine, but lots of risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ransomware-statistics-interesting-insights-you-should-know\">Ransomware Statistics: How Organizations &amp; Governments Are Fighting Back<\/h2>\n\n\n\n<h4 class=\"wp-block-heading\">16. NoMoreRansom.org Offers Decryption Tools for 180 Ransomware Types<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The No More Ransom project is a collaborative effort between IT security companies and law enforcement agencies. The objective is to help individuals and companies regain access to their encrypted data without paying bad guys anything.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As of the writing of this article, the project has made available decryption tools for 180 types of ransomware, including Darkside, LockBit, and Revil\/Sodinokibi. According to an <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/lockbit-power-cut-four-new-arrests-and-financial-sanctions-against-affiliates\">Oct. 
1 press release<\/a> from the European Union\u2019s Agency for Law Enforcement Cooperation (Europol), which is one of the organizations involved in No More Ransom, more than 6 million victims globally have benefitted from the project.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/no-more-ransom-screenshot-shadow-1024x572.png\" alt=\"Ransomware statistics graphic: A screenshot from the NoMoreRansom.org website.\" class=\"wp-image-18046\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/no-more-ransom-screenshot-shadow-1024x572.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/no-more-ransom-screenshot-shadow-300x168.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/no-more-ransom-screenshot-shadow-768x429.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/no-more-ransom-screenshot-shadow.png 1308w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot from the NoMoreRansom.org website.<\/em><\/figcaption><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">17. 
91% of Organizations Recognize Cybersec &amp; Backups Need Improvements<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Veeam\u2019s 2024 Ransomware Trends Report data shows just how displeased survey respondents are regarding their misaligned priorities and strategies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A full 63% indicated that either a \u201csignificant improvement\u201d or \u201ccomplete overhaul\u201d would be required to get their Cybersecurity and IT Backup teams in alignment.<\/li>\n\n\n\n<li>Another 28% indicated that \u201csome improvement\u201d would be necessary.<\/li>\n\n\n\n<li>The remaining 10% thought \u201clittle improvement\u201d (9%) or \u201cno improvement\u201d (1%) would be needed.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">18. 94% of Organizations Know Who They\u2019d Call When Facing an Attack<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">The last bit of data we\u2019ll share from Veeam\u2019s 2024 Ransomware Trends Report focuses on the \u201ccavalry\u201d \u2014 the third-party experts organizations indicate they\u2019d call when the proverbial crap hits the fan. Survey respondents were split on calling their backup vendor (42%) or a security\/forensics expert (42%). The remaining companies said they\u2019d call a ransom negotiator.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">19. 18 New Members Join the International Counter Ransomware Initiative (CRI)<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Representatives from 68 member countries and organizations across the globe met up in Washington, D.C. 
at the <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2024\/10\/02\/international-counter-ransomware-initiative-2024-joint-statement\/\">Fourth CRI Gathering<\/a> with the goal of building relationships and resilience against ransomware attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These efforts, in part, aim to help reduce ransomware payments, improve reporting, better secure software, and take additional steps to weaken the ransomware ecosystem. It also explored the use of artificial intelligence (AI) to counter and increase resilience against ransomware and other malicious cyber attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">20. U.S. State Department Offers Up to $15 Million Reward for LockBit Actors<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">LockBit joined the notorious ranks of cybercriminals listed on the <a href=\"https:\/\/www.state.gov\/transnational-organized-crime-rewards-program-2\/\">Transnational Organized Crime Rewards Program (TOCRP)<\/a>. In February, the <a href=\"https:\/\/www.state.gov\/reward-for-information-lockbit-ransomware-as-a-service\/\">U.S. Department of State put out an offer<\/a> for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Up to $10 million for info leading to the identification and whereabouts of key leaders in the group, and<\/li>\n\n\n\n<li>Another $5 million for info that leads to the arrest and\/or conviction of anyone involved in LockBit ransomware activities.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"627\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-rewards-1024x627.png\" alt=\"A screenshot of the U.S. 
Government's Wanted Reward offer for information relating to the identification, location, arrest, and\/or conviction of LockBit RaaS members.\" class=\"wp-image-18047\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-rewards-1024x627.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-rewards-300x184.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-rewards-768x470.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-rewards.png 1063w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot of the State Department\u2019s notice of reward for information pertaining to leaders of the LockBit Ransomware-as-a-Service group.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In May, the U.S. <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2326\">placed sanctions on one of the group\u2019s senior leaders<\/a>, Dmitry Khoroshev, and offered a $10 million reward for info leading to his arrest and\/or conviction.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tldr\">TL;DR \u2014 A Quick Recap (Or an Overview for Skimmers)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t have time to read through all of the ransomware statistics above? No worries. 
We\u2019ve put together a brief highlights list of the top five ransomware stats to note from the list above:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ransomware actors received $1.1B in ransom payments in 2023 (Chainalysis)<\/li>\n\n\n\n<li>Attackers can exfiltrate data in as little as 2 days (Palo Alto Networks)<\/li>\n\n\n\n<li>Healthcare &amp; Public Health organizations made 249 complaints to the IC3 (FBI IC3)<\/li>\n\n\n\n<li>47% of ransomware victims are those with less than $10 million in revenue (Sophos)<\/li>\n\n\n\n<li>Backups were affected by ransomware attackers in 76% of instances (Veeam)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><em>As always, feel free to leave a comment and share your most notable ransomware statistics below\u2026<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>$4.91 million \u2014 that\u2019s what IBM\u2019s 2024 report indicates is the average cost of a ransomware attack. But this ransomware statistic doesn\u2019t include the cost of the ransom demand 
itself,&#8230;<\/p>\n","protected":false},"author":17,"featured_media":18048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13107,16,10200],"tags":[263,10083],"class_list":["post-12114","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-hashed-out","category-hashing-out-cyber-security","category-monthly-digest","tag-ransomware","tag-statistics","post-with-tags"],"views":58797,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2022\/05\/ransomware-statisitcs-2024-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/12114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=12114"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/12114\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/18048"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=12114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=12114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=12114"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}