60 Ransomware Statistics Every IT Pro Needs To Know In 2021

Cyber attacks threaten every industry, and the threat of ransomware is on the rise in 2021. These statistics reveal an unfortunate reality: that businesses cannot outrun a ransomware attack. While they aren’t necessarily inevitable, they are prevalent and can significantly damage a company’s infrastructure. 

To help your business best defend against ransomware attacks, we’ve sourced the 60 best statistics that every IT professional should know in 2021. 

Editor’s Choice for Top Ransomware Statistics in 2021

As an IT professional, it is your responsibility to protect your company’s online and network infrastructure from ransomware. Pay close attention to these top ransomware statistics in 2021:

  1. Ransomware continues to be one of the most prominent malware threats across all businesses. (Datto, 2019)
  2. The average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020. (National Security Institute, 2021)
  3. According to a survey, 37% of the responding organizations were affected by some kind of ransomware attack in 2020. (Sophos, 2021)
  4. So far in 2021, we’ve seen the largest payout for a ransomware attack to be $40 million made by an insurance company, setting a new world record. (Business Insider, 2021)
  5. Ransomware attacks are so prevalent that experts estimate that in 2021, one will occur every 11 seconds. (Cybercrime Magazine, 2019) 
  6. We are seeing a 600% increase in malicious emails since the start of the COVID-19. (ABC News, 2021)

What is a Ransomware Attack?

A ransomware attack is a type of cyberattack where a piece of malware attacks, encrypts, and locks a victim’s files so that they can’t access them. To gain access to the seized data, the victims must respond to the attackers’ demands, which usually result in handing over cash and other valuables.  

Ransomware attacks are powerful and can be debilitating. The ransomed attacker will usually target highly sensitive and valuable information, like financial data and personally identifiable information (PII) so that the company is more motivated to respond to the attacker. 

If the victim does not give in to the ransom attacker’s demands, then the attacker will threaten to publish the data online. Depending on the type of information stolen, this could result in millions of people being extremely vulnerable and falling victim to identity theft. This is extremely troubling for a company as this will likely mean that the company will fall out of favor with their customers. They could also lose their business. 

Other attackers will threaten to keep the company restricted from using their data, which renders them incapable of providing the services that they are supposed to provide for their customers. If the attacker is holding a financial institution ransom, then this means that clients can’t access their bank accounts or send money. This could be potentially debilitating.

The State of Ransomware Threats in 2021

As you can see, ransomware attacks are extremely dangerous. Therefore, these statistics will give IT professionals an idea on the state of this industry in 2021

  1. In a survey of 1,086 organizations whose data had been encrypted through a ransomware attack, almost all (96%) got their data back. (Sophos, 2021)
  2. Companies experience an average of 21 days of downtime following a ransomware attack. (Coveware, 2021)
  3. Of those companies affected by ransomware attacks, 71% of them are infected. About half of those infected have at least 20 computers in their organization. (Acronis, 2020)
  4. Email phishing campaigns, RDP vulnerabilities, and software vulnerabilities are the most common tactics that hackers use to carry out a ransomware attack. (Cybersecurity & Infrastructure Security Agency, 2021)
  5. For every 6,000 emails, expect one to have suspicious URLs, even ransomware. (Fortinet, 2020)

Unfortunately, while it is possible to recover from a ransomware attack, the recovery is not always successful. The company brand is typically damaged, and the data might even be corrupted following the attack: 

  1. From a survey conducted with 1,263 companies, 80% of companies who paid a ransom payment experienced another attack soon after. And, 46% of those who had gotten access to their data found that most of it was corrupted. (Cybereason, 2021)
  2. Personal devices present security risks to organizational security. However, even knowing this, 65% of employers allow their employees to access company applications from unmanaged, personal devices. (Bitglass, 2020)
  3. Survey respondents also agreed that there was significant revenue loss (60%) and damage to their brand (53%) as a result of a ransomware attack. (Cybereason, 2021)
  4. Companies (29%) were also forced to remove jobs following an attack. (Cybereason, 2021)
  5. Cyber insurance policies can help protect revenue losses; unfortunately, 42% of companies indicated that available cyber insurance only covered a small portion of damages following a ransomware attack. (Cybereason, 2021)

Ransomware Trends in 2021

By identifying major ransomware trends, you can adapt your company’s security to better account for vulnerabilities and stay ahead of evolving ransomware attack styles. Here’s what you should look out for:

Exploitation of IT Outsourcing Services

IT outsourcing is becoming increasingly common and easy to do. Ransomware attackers have noticed this, primarily because outsourcing any kind of service presents inherent risks. 

Managed service providers (MSP), or any platform that serves multiple clients at a given time, can be a vulnerability to exploit. If a hacker could gain access to a single, powerful MSP entity, then they could gain access to several of the clients that MSP is a service provider for. 

Remote access tools present the greatest risk when working with MSPs. IT departments within companies using MSPs should consider increasing security by setting up partitions for remote access accounts and increasing security protocols even within networks. 

Attention Shifting to Vulnerable Industries 

As we will see in later statistics, the pandemic has highlighted how vulnerable certain industries truly are. Some sectors like healthcare and educational facilities have been hit the hardest during the pandemic. This is probably due to the fact that these sectors have:

a) increased sensitive information, 

b) a distinct and critical need, and 

c) were forced to shift to remote work and new IT platforms throughout the pandemic but had limited support boosting security. 

Ransomware is Evolving (But So Are The Defenses)

As with any cyber attack type, ransomware continues to evolve. In 2021, we have seen the tactics that ransomware attackers are using evolving. Luckily the defenses against ransomware are evolving also. 

Nonetheless, new ransomware has been discovered in recent years, including: 

  • Netwalker: Netwalker was created by the cybercrime group Circus Spider in 2019. This ransomware gives rented access to malware code in exchange for a percentage of the ransom received. 
  • DarkSide: Hacker group DarkSide recently began targeting sensitive data, including backups through Ransomware-as-a-service, or RaaS.
  • Conti: A ransomware known as Conti uses a double-extortion to encrypt data on the infected machine. Conti attackers will start by sending a phishing email originating from an email address that the victim trusts.
  • REvil: REvil is also referred to as Sodin and Sodinokibi. This ransomware group has gained a reputation for extorting larger ransom payments and promoting underground cybercrime forums. 

The Cost of a Ransomware Attack

Ransomware attacks are costly both fiscally and to an organization’s reputation. And if not handled appropriately, they could present a major security risk to citizens globally. 

Victims of ransomware attacks have spent over $144.2 million trying to resolve the effects of these attacks. Here are statistics you should know around the cost of a ransomware attack: 

  1. Ransom demand values have gone up, with many demands going over $1 million. (Cybersecurity & Infrastructure Security Agency, 2021)
  2. In 2019, the cost of ransomware attacks exceeded $7.5 billion. (Emsisoft, 2019)
  3. So far in 2021, payouts for ransomware attacks on mid-sized organizations averaged $170,404. (Sophos, 2021)
  4. Chief Executive was attacked by a ransomware hacker in May of 2021 and they paid the hackers $4.4 million in bitcoin. (The Wall Street Journal, 2021)
  5. FedEx lost an estimated $300 million in Q1 2017 from the NotPetya ransomware attack. (Cyberscoop, 2021)
  6. No matter what the ransom amount is, there is a cost to recovering from a ransom attack, which averages $1.85 million. (Sophos, 2021)
  7. In 2017, damage from ransomware attacks was up over $5 billion. This was 15 times the cost of ransomware damage in 2015. (Cyber Security Ventures, 2017)
  8. In 2019 vs. 2018, downtime costs have increased 200% year-over-year (2019 vs. 2018). (Datto, 2019)
  9. Businesses attacked by a ransom hacker are, on average, down for about 15 business days. Because of this inactivity, businesses lose roughly $8,500 an hour. (Health IT Security, 2020)
  10. A ransomware attack hit an oil and gas company, costing them $30 million in ransom. (Datto, 2017)
  11. One hacking group allegedly received $90 million in ransom payments in nine months from 47 victims. (Fox Business, 2021)
  12. If your business has over 100 employees, then it is four times as likely to be affected by a ransomware attack and pay ransom. (Dark Reading survey, 2020)

Preparing for a Ransomware Attack

With many cyber threats, it may seem nearly impossible to avoid an attack. And with increased notoriety, power, and sensitive data, then the chances of an attack happening increases exponentially. 

You can take steps to prevent an attack within your organization: 

Educate Your Employees

One of the biggest lines of defense against ransomware attacks is education. Much of the time, your employees won’t care to think about which email they should or not be clicking. In fact, they may rely on your business’ security and not take normal precautions. 

Train your employees on the security best practices that they need to take and their importance to the organization’s health. 

Avoid Clicking on Suspicious Links 

If you or your employee does not recognize the link or email sender, then you should not be clicking on it. Be wary of opening attachments, links, and unsolicited emails as they could be spam, and they could plant malicious software on your computer and infiltrate your network.

Verizon’s Data Breach Investigations Report (2018) reported that phishing was involved in 70% of data breaches. It’s crucial to be able to spot and eliminate a phishing scam!

Use Email and Endpoint Protections

Email scanners and filters and other endpoint protections could be a vital line of defense against ransomware. Antivirus, antimalware, firewall, and endpoint detection software keep your system security up-to-date with the latest malware signatures. 

If you have remote employees regularly accessing your system, you should set up secure protocols like VPNs for that access. 

Use a Stronger Password System

Password protocols are one of the best ways to improve your company’s security. Not only are they free, but they are quick and easy security systems. Password security will be able to protect your company’s assets so long as it is done right. 

Ensure that all your employees use passwords that aren’t easy to guess and which change frequently. They should also contain at least one lower case letter, one upper case letter, a special symbol, and a number, in addition to being a certain length (at least 8 characters long). 

These best practices will evolve along with the industry, so continue to also use two-factor authentication to prevent password sharing and password overuse. 

Keep Immutable, Offsite Backups

Making sure your sensitive data is backed up and encrypted will ensure that you can continue to provide services during a ransomware attack. It also can limit the leverage from ransomware attackers. 

Limit access to backups in the chance that the ransomware targets the backup files as well. 

Use Data Loss Prevention

Backups cannot help in cases where the ransomware actor has also exfiltrated the data to their own servers and threatens to release that data publicly unless the ransom is paid. To combat exfiltration, consider data loss prevention software

Data loss prevention software can alert administration every time data is moved, modified, or accessed by unauthorized users. You can therefore stop data movement and increase data visibility across your entire network. 

Ransomware Attacks By Industry

Healthcare Sector

  1. Since 2009, there have been over 2,100 data breaches reported in healthcare. (Tech Jury, 2021)
  2. Organizations and companies in healthcare only dedicate about 6% of their budget to cybersecurity. (Fierce Healthcare, 2020)
  3. In 2020, ransomware attacks were responsible for half of all data breaches. (Health and Human Services, 2021)
  4. On top of that, healthcare cyber attacks are more costly than any other industry, clocking in at $408 per record. (HIPAA Journal, 2020)
  5. Since 2016, ransomware attacks in the U.S. healthcare system have cost providers $157 million. (HIPAA Journal, 2020)
  6. 560 healthcare facilities were affected by ransomware attacks in 2020. (Emsisoft, 2021)
  7. The Anthem Breach, which occurred in 2015, was the largest healthcare data breach in history, affecting nearly 80 million people. (Wall Street Journal, 2015)
  8. The healthcare industry dominated ransomware attacks in the U.S. in 2016, accounting for 88% of all attacks. (Becker’s, 2016)
  9. Cybercriminals attacked and stole 9.7 million medical records in September of 2020. (HIPAA Journal, 2020)

Education Sector

  1. Between 2019 and 2020, we saw a 100% rise in ransomware attacks against universities. (BlueVoyant, 2021)
  2. Ransomware attacks cost the higher education sector $447,000 on average. (BlueVoyant, 2021)
  3. 1,681 higher education facilities have been attacked by 84 ransomware attacks since 2020. (Emsisoft, 2021)
  4. A large majority of universities (66%) lack basic security features, like email security configurations, which could repel ransomware attacks. (BlueVoyant, 2021)
  5. The Cybersecurity in Higher Education Report found that 38% of analyzed universities had unsecured or open database ports. (BlueVoyant, 2021)
  6. In 2020, cyberattacks against K-12 schools rose by 18%. (K-12 Cybersecurity, 2020)
  7. A school district in Massachusetts was attacked in April 2018 and paid $10,000 in Bitcoin. (Cyberscoop, 2018)

Finance & Insurance Sectors

  1. In 2019, 62% of all the records that were leaked were stolen from financial institutions. (Bitglass, 2019)
  2. Banking institutions are a huge vulnerability, as over 204,000 people have experienced a login attempt to their banking information in 2021. (Hub Security, 2021)
  3. Most (90%) financial institutions have been targeted by ransomware attackers. (PR Distribution, 2018)
  4. Smaller financial institutions (those with less than $35 million in national revenue) are experiencing a rising threat. (National Credit Union Administration, 2019)
  5. 70% of attacks on financial institutions in 2020 came from the Kryptik Trojan malware. (Hub Security, 2021)
  6. Over its lifespan, LokiBot has targeted over 100 financial institutions and has gotten away with over $2 million in revenue. (Hub Security, 2021)
  7. Likely due to the 2020 COVID pandemic, banks experienced a significant (520%) increase in phishing and ransomware attempts in March and June of 2020. (American Banker, 2020)

Government Sector

  1. One third (33%) of attacks on governmental bodies in 2020 were ransomware (Security Intelligence, 2020)
  2. A Florida city paid a $600,000 ransom to recover hacked files in June 2019. (CBS News, 2019)
  3. Local and state government employees are hardly prepared for ransomware attacks, with only 38% trained in ransomware prevention. (IBM, 2020)
  4. When ransomware attacked a Southern city in 2020, it cost the city over $7 million. (SC Magazine, 2020)
  5. A ransomware attack in an East coast city in 2018 lost over $18 million. (Baltimore Sun, 2019)
  6. 226 U.S. city mayors across 40 states signed a pact (2019) that says that they will deny ransom payments to cybercriminals. (Hashed Out, 2020)
  7. The year 2019 saw a 60% increase in attacks against municipalities (year-over-year). (Kaspersky Labs, 2019)
  8. A ransomware attack against state and local governments was the top cybersecurity story in 2019. (Government Technology, 2019)
  9. From 2013 to 2018, 48 of the 50 U.S. states were affected by at least one ransomware attack. (Bank Info Security, 2019)

The Spread to Mobile Devices

With the rise of mobile technologies and the Internet of Things (IoT), hackers have also been attacking new vulnerabilities. By taking advantage of emergency alerts and relaxed security permissions on mobile devices, hackers can spread malware far easier. Many mobile ransomware variants can cover every browser window or app with a ransom note, rendering the mobile device unusable. 

Many of these tools are spread through ransomware-as-a-service, or RaaS, which is a subscription that allows affiliates to use already developed ransomware tools. This allows more ransomware attacks to be successful because the reach of the attack is decentralized and the authorities often have a hard time locating it and shutting it down. 

Creators of RaaS only require a percentage of a successful ransom. The average ransom demanded by hackers has increased by 33% since Q3 2019 ($11,605), and affiliates make up to 80% from each payment.

Mitigating a Ransomware Attack

It’s clear that ransomware attacks are dangerous. It’s best to arm yourself and your company as best as you can:

Reduce Your Blast Radius

Your blast radius is the amount of damage that can be inflicted once a single user or device is compromised. You want to minimize the blast radius by cutting off devices and isolating individuals based on their authorization level. Limit critical or sensitive data significantly and only to the people who need it. 

Implement a Zero Trust Security Model

Zero Trust Security is a model that assumes that cybercriminals can operate within the perimeter of your organization’s IT and physical defenses. Unfortunately, while you may have checks at the door to ensure that your company is safe, hackers can get in at any time. You may even hire them by accident!

Zero Trust assumes this and requires each user to authenticate when connected to your device. They might have to authenticate regularly like everyday or every time they want to gain access to your network.

Install Employee Monitoring With UEBA and Data Loss Prevention Software

Monitoring your network and employees is the best way to detect and stop ransomware from occurring. Set up employee monitoring with UEBA and also data loss prevention, so that you can see what your data is doing, when, and by whom. These software should all be part of your preventative threat detection system and response tactics. 

Fit with UEBA software, consider SoftActivity to protect your system against ransomware attackers and to limit the level of risk of insider threats

By SoftActivity Team.



National Security Institute


Business Insider

Cybercrime Magazine

ABC News



Cybersecurity & Infrastructure Security Agency




Fierce Healthcare

Health and Human Services

HIPAA Journal


Wall Street Journal



K-12 Cybersecurity


Hub Security,

PR Distribution

National Credit Union Administration

American Banker

Security Intelligence

CBS News


SC Magazine

Baltimore Sun

Hashed Out

Kaspersky Labs

Government Technology

Bank Info Security

Cyber Security Ventures

Health IT Security

Fox Business

Dark Reading survey

November 1st, 2021