{"id":33,"date":"2023-04-10T07:05:23","date_gmt":"2023-04-10T07:05:23","guid":{"rendered":"https:\/\/dataprot.net\/?p=33"},"modified":"2024-02-06T14:05:42","modified_gmt":"2024-02-06T14:05:42","slug":"ransomware-statistics","status":"publish","type":"post","link":"https:\/\/dataprot.net\/statistics\/ransomware-statistics\/","title":{"rendered":"Ransomware Statistics in 2024: From Random Barrages to Targeted Hits"},"content":{"rendered":"\n
Ransomware attacks have come a long way from their brutish and unsophisticated beginnings as “spray-and-pray” email phishing<\/a> campaigns against randomly selected targets.<\/p>\n\n\n\n The overall number of attacks has dropped, but their efficiency and success rate have risen. <\/p>\n\n\n\n An analysis of statistics, facts and ransomware examples demonstrates that hackers have shifted their focus to business, where they find interconnected systems with security holes, a willingness to pay up so essential business functions can be restored, and – most importantly – deep pockets.<\/p>\n\n\n\n <\/p>\n\n\n\n (CyberSecurity Ventures)<\/p>\n\n\n\n This is an increase of about 20% compared to the prediction 2019 – 14 attacks per second.<\/p>\n\n\n\n (Symantec)<\/p>\n\n\n\n Symantec, one of the leading internet security companies, says the drop in activity is even more noticeable when WannaCry, Petya, and other copycat worms are taken out of the equation. Then the drop is 52%.<\/p>\n\n\n\n (CyberSecurity Ventures)<\/p>\n\n\n\n Recent security breaches<\/a> are less frequent, but they are more and more lucrative for cybercriminals. This is due, in part, to the fact that ransomware operators are adopting new strategies and angles of attack against high-profile targets.<\/p>\n\n\n\n (Statista)<\/p>\n\n\n\n Ransomware hackers went wild in 2016. Ransomware statistics from 2017 show that there were fewer attacks, but they were more effective.<\/p>\n\n\n\n (Stanford University)<\/p>\n\n\n\n It was the year of the ransomware cyberattack, the year of WannaCry.<\/a> Cybersecurity operator Symantec blocked 405,000 consumer ransomware infections during this period.<\/p>\n\n\n\n (Statista)<\/p>\n\n\n\n Spam campaigns are a popular method of disseminating malicious code. Spear-fishing, the more targeted and personalized approach, is much more effective in infiltrating complex security networks. Insufficient user security training was present in 33% of infection cases.<\/p>\n\n\n\n Other methods of infection include drive-by downloads and malvertizing.<\/p>\n\n\n\n (Stanford University)<\/p>\n\n\n\n To provide the illusion of authority and scare people into paying, attackers often pose as representatives of the FBI, ransomware statistics show.<\/p>\n\n\n\n \u201cFBI – YOU HAVE BEEN WATCHING PORN OR GAMBLING OR BOTH, YOU MUST PAY $200 TO MONEYGRAM\u201d – an actual ransom note.<\/p>\n\n\n\n A warning message appears before the victim, claiming that they have been caught partaking in illegal activity such as browsing illicit pornographic sites. This type of attack<\/a> probably works best on people who actually did things of that nature.<\/p>\n\n\n\n The victim is then prompted to make a payment. Some people are so flustered and intimidated that they don\u2019t stop to wonder why the FBI would ask for payments in cryptocurrencies or a prepaid cash voucher.<\/p>\n\n\n\n (University of California – San Diego)<\/p>\n\n\n\n That is right around the time that ransomware became a multimillion-dollar business amid the major ransomware attacks of 2017, says Kylie McRoberts, a senior Google strategist.<\/p>\n\n\n\n (Bromium)<\/p>\n\n\n\n The University of Surry\u2019s Michael McGuire says cybercrime yields $1.5 trillion in revenues per year. The illicit and illegal online trading market for contraband such as drugs and weapons is responsible for the biggest portion, $860 billion. <\/p>\n\n\n\n Ransomware is an excellent source of revenue for individual attackers. It doesn\u2019t take much skill, as ransomware kits can be purchased on the dark web. Besides, it operates on a \u201cset-and-forget\u201d model.<\/p>\n\n\n\n (University of California – San Diego)<\/p>\n\n\n\n The Locky and Cerber attacks were mostly responsible for this huge spike.<\/p>\n\n\n\n (Stanford University)<\/p>\n\n\n\n The average, not median, reported ransom was about $530. The highest was around $8,000.<\/p>\n\n\n\n Of course, the monetary cost is just part of the picture revealed by ransomware attacks statistics. The psychological trauma, the time it takes to remedy the situation, and the loss of valued possessions like family photos and work-related documents should all be taken into account when evaluating the total impact.<\/p>\n\n\n\n (Stanford University)<\/p>\n\n\n\n Cryptocurrency was the ransom method of choice in just 12% of cases, the Stanford study reported.<\/p>\n\n\n\n (Bromium)<\/p>\n\n\n\n Whether the ransom is paid in cryptocurrency or conventional funds, the most efficient way to launder the money is through cryptocurrency exchanges.<\/p>\n\n\n\n Before being shut down in 2017 by the American government, the cryptocurrency exchange BTC-e was the go-to place for covering the trail of dirty ransomware money.<\/p>\n\n\n\n (Statista)<\/p>\n\n\n\n The global ransomware attack WannaCry was launched in May 2017<\/a>. A security hole in Windows XP called EternalBlue provided a window that allowed North Korean attackers to infect more than 200,000 computers around the world.<\/p>\n\n\n\n Even though Microsoft had discontinued support for XP in 2014, the company quickly issued a patch to address the problem.<\/p>\n\n\n\n (New Statesman)<\/p>\n\n\n\n Doctors and nurses had no alternative but to cancel 19,000 appointments in 80 institutions across the country.<\/p>\n\n\n\n The attack cost around \u00a319 million in lost fees and spent around \u00a372 million restoring files lost in the attack.<\/p>\n\n\n\n Between September 2013 and May 2014, the world of cybercrime was changed for good – Cryptolocker ransomware hit the big time<\/a> and a new business model was set to strike fear into the bones of business owners, government officials, and consumers around the globe.<\/p>\n\n\n\n (New Scientist)<\/p>\n\n\n\n Ransomware attacks are getting more targeted and more precise. More and more victims simply pay the ransom to restore access to precious data.<\/p>\n\n\n\n Another city in Florida, Lake City, paid $10,000 of its $530,000 ransom, with an insurance company picking up the rest of the tab for the Ryuk ransomware attack in 2019.<\/p>\n\n\n\n (Computerworld)<\/p>\n\n\n\n This happened between February and April 2015.<\/p>\n\n\n\n This malware attack went straight for the data people hold close to their hearts – game files like saves and custom maps. That\u2019s how the campaign started. The hackers demanded $500 from most victims.<\/p>\n\n\n\n In 2016, the team behind TeslaCrypt released a master decryption key in a text file, along with a message stating, \u201cWe are sorry.\u201d<\/p>\n\n\n\n (Wired)<\/p>\n\n\n\n Security experts from Kaspersky claim that the 2017 world wide cyber attack NotPetya was not a ransomware attack in the proper sense. It did encrypt files, but a closer inspection of the malware code showed that the decryption data included in the files was random nonsense. <\/p>\n\n\n\n That led the cyber community to the conclusion that NotPetya was a Russian act of cyber warfare against Ukraine that went global.<\/p>\n\n\n\n The Danish shipping and transport company Maersk, which handles almost a fifth of the world\u2019s freight and has more than 85,000 employees, was among the hardest hit. The company lost about $300 million because of the attack.<\/p>\n\n\n\n Another company that was hit hard: FedEx. The ransomware attack cost the company\u2019s Dutch subsidiary, TNT Express, $300 million.<\/p>\n\n\n\n Kaspersky named the worm after the Petya ransomware attack because of similarities in ransom demand and target selection.<\/p>\n\n\n\n (Check Point Software Technologies)<\/p>\n\n\n\n Ransomware as a service – a great concept for malware creators. <\/p>\n\n\n\n Cerber is essentially an affiliate program. The software\u2019s author gives other malicious actors the ransomware kit on a sale or return basis. Forty percent of the revenue they accrue goes directly into the creator\u2019s wallet. He just sits back and lets the money drip in through a convoluted net of address mixers that make the transactions untraceable.<\/p>\n\n\n\n As of 2018, no active cases of Cerber were detected, but in early 2017 it accounted for 26% of all ransomware infections.<\/p>\n\n\n\n (Sophos)<\/p>\n\n\n\n Among the latest ransomware attacks, SamSam is a particularly sophisticated operation. <\/p>\n\n\n\n The attack is carried out on carefully selected targets, mostly organizations and businesses, using legitimate Windows sysadmin tools. Access to the network is gained gradually through security holes. After the ransom has been paid, no trace is left behind.<\/p>\n\n\n\n The most interesting statistic: Sophos, one of the most prominent cyber-safety companies, believes that there is just one person behind the SamSam attacks.<\/p>\n\n\n\n (Cyber Threat Alliance)<\/p>\n\n\n\n The \u201ccrypt100\u201d campaign targeted 15,000 businesses across the globe and generated roughly $5 million in profit for the CW3 group behind the attacks. US government statistics on ransomware published by the IC3 claim that CryptoWall is the most successful global cyber attack.<\/p>\n\n\n\n (Symantec)<\/p>\n\n\n\n Enterprises remain the prime targets for these types of cyber attacks. Email, the main channels of communication for businesses, is the primary means of ransomware distribution. <\/p>\n\n\n\n Symantec reports a 12% increase in ransomware attacks on businesses in 2018, despite an overall decline in occurrence when consumer attacks are taken into account.<\/p>\n\n\n\n (Malwarebytes)<\/p>\n\n\n\n IT experts in America are pessimistic about their chances of thwarting a ransomware internet attack on their company. Their Canadian and German colleagues are much more confident: 67% of them say they are safe.<\/p>\n\n\n\n (Kaspersky)<\/p>\n\n\n\n Recent security breaches have put heavy strain on businesses and enterprises. Withstanding such a heavy barrage of attacks requires a serious investment in cybersecurity.<\/p>\n\n\n\n (Herjavec)<\/p>\n\n\n\n This is up from $1 billion in 2014.<\/p>\n\n\n\n Here is the percentage distribution for ransomware attacks by country, according to Symantec.<\/p>\n\n\n\n (Dark Reading)<\/p>\n\n\n\n Businesses have little to no choice when a devastating ransomware attack hits – it’s a sink or swim situation.<\/p>\n\n\n\n While the frequency of attacks of businesses has dropped, according to ransomware statistics detailed in the latest Dark Reading report, the precision and effectiveness seem to be rising.<\/p>\n\n\n\n In 2018 only 4% of attacks resulted in a payoff, which is usually a last resort for an urgent situation. That percentage has risen to 15% in 2019.<\/p>\n\n\n\n (Stanford University)<\/p>\n\n\n\n There are an estimated 200 million internet users in the USA. Ransomware statistics from a 2019 Stanford study suggest that 17 million people have been ransomware victims.<\/p>\n\n\n\n More often than not, however, several people use the same computer. That means the number of ransomware victims is substantially larger than the number of households affected.<\/p>\n\n\n\n (Kaspersky)<\/p>\n\n\n\n Phones are not immune to ransomware attacks. All it takes is a single dodgy download from the app store to lock up the device.<\/p>\n\n\n\nKey Ransomware Statistics<\/strong><\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
General Ransomware Statistics<\/h3>\n\n\n\n
There will be a ransomware attack every 11 seconds by 2022, according to a 2018 analysis by CyberSecurity Ventures.<\/h5>\n\n\n\n
According to cyber attack statistics published by Symantec, ransomware frequency declined 20% in 2018, the first drop since 2013.<\/h5>\n\n\n\n
Annual ransomware damages will skyrocket to $20 billion by 2022.<\/h5>\n\n\n\n
A staggering 638 million attacks were carried out worldwide in 2016.<\/h5>\n\n\n\n
Five million Americans were affected by ransomware attacks from June 2016 to June 2017.<\/h5>\n\n\n\n
How does ransomware spread? Phishing emails are the vector for two-thirds of ransomware infections.<\/h5>\n\n\n\n
46% of ransomware operators impersonate authority figures like the FBI. Among those attacks, 82% lock the victim\u2019s computer without encrypting files.<\/h5>\n\n\n\n
The search term \u2018ransomware\u2019 has seen an 877% increase in traffic since 2016.<\/h5>\n\n\n\n
Ransomware Revenue Statistics<\/strong><\/h3>\n\n\n\n
Ransomware attack statistics reveal $1 billion in annual revenues for cybercriminals.<\/h5>\n\n\n\n
How Much Money Have Recent Cyber Attacks Raised?<\/strong><\/h3>\n\n\n\n
Revenue from ransomware had the biggest jump from February to March 2016 – from around $400,000 to almost $2.5 million.<\/h5>\n\n\n\n
According to ransomware statistics, in 2016 and 2017 the median ransom demanded from consumers was $250.<\/h5>\n\n\n\n
42% of ransomware attackers ask for a prepaid cash voucher, consumers report.<\/h5>\n\n\n\n
95% of profits accrued from ransomware were laundered through the BTC-e cryptocurrency exchange.<\/h5>\n\n\n\n
Massive Ransomware Attack Statistics<\/h3>\n\n\n\n
WannaCry: The 2017 ransomware attack contaminated 200,000 computers worldwide.<\/h5>\n\n\n\n
\n
According to NHS ransomware statistics, the 2017 Wannacry attack put a \u00a373 million dent in the budget of the UK\u2019s National Health Service.<\/h5>\n\n\n\n
CryptoLocker: The global cost of one of the first modern ransomware examples was around $3 million.<\/h5>\n\n\n\n
Ryuk: The latest ransomware campaign generated more than $3.7 million in the first four months after it started in August 2018. The city of Riviera Beach, Florida, paid $600,000 in ransom.<\/h5>\n\n\n\n
Teslacrypt: In the first two months after it was launched, hackers extorted $76,000 by locking video game-related files on victims\u2019 computers.<\/h5>\n\n\n\n
NotPetya caused about $10 billion in damages worldwide, ransomware statistics from 2017 show.<\/h5>\n\n\n\n
Cerber: The creator of the ransomware software earns just under $1 million a year.<\/h5>\n\n\n\n
SamSam: The highest ransom ever paid for an attack was $64,000. SamSam has accrued a total of almost $6 million in ransom payments since 2015.<\/h5>\n\n\n\n
Cryptowall: One of the most lucrative ransomware families, Cryptoware generated $325 million in ransom payments since its inception.<\/h5>\n\n\n\n
Statistics of Ransomware Victims: Business and Enterprise<\/h3>\n\n\n\n
Ransomware statistics from 2018 show that businesses and enterprises accounted for 81% of ransomware targets.<\/h5>\n\n\n\n
Only 37% of American businesses are confident that they can stop a ransomware attack.<\/h5>\n\n\n\n
A business gets attacked by ransomware every 40 seconds, approximately.<\/h5>\n\n\n\n
Companies spend a total $10 billion globally on employee security training.<\/h5>\n\n\n\n
The Spread of Global Ransomware<\/h3>\n\n\n\n
The ransomware payout frequency for businesses almost quadrupled from 2018 to 2019, from 4% to 15%.<\/h5>\n\n\n\n
Statistics of Ransomware Victims: Consumers<\/h3>\n\n\n\n
About 9% of Americans have been victims of a ransomware attack at some point.<\/h5>\n\n\n\n
More than 4.2 million American mobile users suffered ransomware attacks on their phones.<\/h5>\n\n\n\n