63 Ransomware Statistics Every IT Pro Needs To Know In 2024

Cyber attacks threaten every industry, and the threat of ransomware is on the rise in 2024. These statistics reveal an unfortunate reality: businesses cannot outrun a ransomware attack. While attacks aren’t necessarily inevitable, they are prevalent and can significantly damage a company’s infrastructure.

To help your business best defend against ransomware attacks, we’ve sourced the 61 best statistics that every IT professional should know in 2024. 

Editor’s Choice for Top Ransomware Statistics in 2024

As an IT professional, it is your responsibility to protect your company’s online and network infrastructure from ransomware. Pay close attention to these top ransomware statistics in 2024:

1. Ransomware cost the world $20 billion in 2021, and that number is expected to rise to $265 billion by 2031. (Coveware, 2021)

2. The average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020. (National Security Institute, 2021)

3. According to a survey, 66% of the responding organizations were affected by some kind of ransomware attack in 2021. (Sophos, 2022)

4. So far in 2021, the largest payout we’ve seen for a ransomware attack was $40 million, made by an insurance company, setting a new world record. (Business Insider, 2021)

5. Ransomware attacks are so prevalent that experts estimate that in 2021, one will occur every 11 seconds. (Cybercrime Magazine, 2019) 

6. We have seen a 600% increase in malicious emails since the start of COVID-19. (ABC News, 2021)

7. There were 236.1 million ransomware attacks worldwide in only the first half of 2022. (AAG, 2022)

What is a Ransomware Attack?

A ransomware attack is a type of cyberattack where a piece of malware attacks, encrypts, and locks a victim’s files so that they can’t access them. To regain access to the seized data, the victims must respond to the attackers’ demands, which usually means handing over cash and other valuables.

Ransomware attacks are powerful and can be debilitating. The ransomware attacker will usually target highly sensitive and valuable information, like financial data and personally identifiable information (PII), so that the company is more motivated to respond to the attacker.

If the victim does not give in to the ransom attacker’s demands, then the attacker will threaten to publish the data online. Depending on the type of information stolen, this could result in millions of people being extremely vulnerable and falling victim to identity theft. This is extremely troubling for a company as this will likely mean that the company will fall out of favor with their customers. They could also lose their business. 

Other attackers will threaten to keep the company restricted from using their data, which renders them incapable of providing the services that they are supposed to provide for their customers. If the attacker is holding a financial institution ransom, then this means that clients can’t access their bank accounts or send money. This could be potentially debilitating.

The State of Ransomware Threats in 2024

As you can see, ransomware attacks are extremely dangerous. Therefore, these statistics will give IT professionals an idea of the state of this industry in 2024.

8. In a survey of 1,086 organizations whose data had been encrypted through a ransomware attack, almost all (96%) got their data back. (Sophos, 2021)

9. Companies experience an average of 21 days of downtime following a ransomware attack. (Coveware, 2021)

10. 37% of all businesses and organizations were affected by ransomware in 2021. (Coveware, 2021)

11. Cryptocurrency has been the preferred payment method for cybercriminals, especially when it comes to ransomware attacks. Around $5.2 billion worth of Bitcoin can be connected to ransomware payouts. (FinCEN, 2021)

12. 77% of ransomware attacks in 2021 included a data leak threat. This is 10% higher compared to last year. (Coveware, 2021)

Unfortunately, while it is possible to recover from a ransomware attack, the recovery is not always successful. The company brand is typically damaged, and the data might even be corrupted following the attack: 

13. In a survey conducted with 1,263 companies, 80% of companies that paid a ransom experienced another attack soon after, and 46% of those who had gotten access to their data found that most of it was corrupted. (Cybereason, 2021)

14. 32% of organizations whose data was encrypted in 2021 paid ransom to get their data back. (Sophos, 2021)

15. According to a Global Security Attitude Survey, 66% of respondents’ organizations suffered at least one ransomware attack in 2021. (Crowdstrike, 2021)

16. 29% of companies were also forced to eliminate jobs following an attack. (Cybereason, 2021)

17. Cyber insurance policies can help protect against revenue losses; unfortunately, 42% of companies indicated that available cyber insurance only covered a small portion of damages following a ransomware attack. (Cybereason, 2021)

Ransomware Trends in 2024

By identifying major ransomware trends, you can adapt your company’s security to better account for vulnerabilities and stay ahead of evolving ransomware attack styles. Here’s what you should look out for:

Ransom Demands are Increasing

With new approaches and technologies emerging, attackers are trending toward asking for larger ransoms. We’ve seen an increase in the cost of demands, which was $5.3 million in 2021, compared to only $270,000 in 2021. This is a 518% increase (PandaSecurity).


More and more, service providers are being used for ransomware. Ransomware-as-a-service (RaaS) is pay-for-use malware that is available on the internet (PandaSecurity). Ransomware is therefore more readily available, which means that being attacked by ransomware is more and more likely.

The Exploitation of IT Outsourcing Services

IT outsourcing is becoming increasingly common and easy to do. Ransomware attackers have noticed this, primarily because outsourcing any kind of service presents inherent risks. 

Managed service providers (MSPs), or any platform that serves multiple clients at a given time, can be a vulnerability to exploit. If a hacker could gain access to a single, powerful MSP entity, then they could gain access to several clients for which that MSP is a service provider.

Remote access tools present the greatest risk when working with MSPs. IT departments within companies using MSPs should consider increasing security by setting up partitions for remote access accounts and increasing security protocols even within networks. 

Attention Shifting to Vulnerable Industries 

As we will see in later statistics, the pandemic has highlighted how vulnerable certain industries truly are. Some sectors, like healthcare and educational facilities, have been hit the hardest during the pandemic. This is probably because these sectors have:

a) increased sensitive information, 

b) a distinct and critical need, and 

c) been forced to shift to remote work and new IT platforms throughout the pandemic but had limited support for boosting security.

In 2021, we’re seeing more ransomware attacks on the goods and services industry, which was also the most targeted in 2022 and on the rise in 2021 (PandaSecurity).

Ransomware is Evolving (But So Are The Defenses)

As with any cyber attack type, ransomware continues to evolve. Recent years have shown us how ransomware attackers’ tactics are evolving. Luckily, the defenses against ransomware are also evolving.

Nonetheless, new ransomware has been discovered in recent years, including: 

  • Netwalker: Netwalker was created by the cybercrime group Circus Spider in 2019. This ransomware gives rented access to malware code in exchange for a percentage of the ransom received. 
  • DarkSide: Hacker group DarkSide recently began targeting sensitive data, including backups, through ransomware-as-a-service, or RaaS.
  • Conti: A ransomware known as Conti uses double extortion to encrypt data on the infected machine. Conti attackers will start by sending a phishing email originating from an email address that the victim trusts.
  • REvil: REvil is also referred to as Sodin and Sodinokibi. This ransomware group has gained a reputation for extorting larger ransom payments and promoting underground cybercrime forums. 

The Cost of a Ransomware Attack

Ransomware attacks are costly both fiscally and to an organization’s reputation. And if not handled appropriately, they could present a major security risk to citizens globally. 

Victims of ransomware attacks have spent over $144.2 million trying to resolve the effects of these attacks. Here are statistics you should know around the cost of a ransomware attack: 

18. According to a Global Security Attitude Survey, 57% of respondents hit by ransomware didn’t have a comprehensive strategy in place to coordinate their response to an attack. (Crowdstrike, 2021)

19. In 2019, the cost of ransomware attacks exceeded $7.5 billion. (Emsisoft, 2019)

20. So far in 2021, payouts for ransomware attacks on mid-sized organizations averaged $170,404. (Sophos, 2021)

21. Chief Executive was attacked by a ransomware hacker in May of 2021, and they paid the hackers $4.4 million in bitcoin. (The Wall Street Journal, 2021)

22. FedEx lost an estimated $300 million in Q1 2017 from the NotPetya ransomware attack. (Cyberscoop, 2021)

23. No matter the ransom amount, there is a cost to recovering from a ransom attack, which averages $1.85 million. (Sophos, 2021)

24. The average cost of a ransomware attack in 2021 was $1.85 million. (Sophos, 2021)

25. FinCEN identified 68 ransomware variants in 2021. The most common variants were REvil/Sodinokibi, Conti, DarkSide, Avaddon, and Phobos. (FinCEN, 2021)

26. On average, businesses attacked by a ransom hacker are down for about 15 business days. Because of this inactivity, businesses lose roughly $8,500 an hour. (Health IT Security, 2020)

27. A ransomware attack hit an oil and gas company, costing them $30 million in ransom. (Datto, 2017)

28. One hacking group allegedly received $90 million in ransom payments in nine months from 47 victims. (Fox Business, 2021)

29. In 2021, IT management software provider Kaseya became a victim of a ransomware attack. The hackers asked for $70 million – the largest ransomware fee demanded so far. (ESET Threat Report, 2021)

30. IBM reported that the total cost of a ransomware breach, without including the cost of the actual ransom, was $4.62 million on average in 2021. (IBM)

31. Educational institutions paid out $2.73 million in 2021, which was 48% higher than the global average for all sectors. (EdScoop)

Preparing for a Ransomware Attack

With many cyber threats, it may seem nearly impossible to avoid an attack. And with increased notoriety, power, and sensitive data, the chances of an attack happening increase exponentially.

You can take steps to prevent an attack within your organization: 

Educate Your Employees

One of the biggest lines of defense against ransomware attacks is education. Much of the time, your employees won’t care to think about which emails they should or should not be clicking. In fact, they may rely on your business’ security and not take normal precautions.

Train your employees on the security best practices that they need to take and their importance to the organization’s health. 

Avoid Clicking on Suspicious Links 

If you or your employee does not recognize the link or email sender, then you should not be clicking on it. Be wary of opening attachments, links, and unsolicited emails as they could be spam, and they could plant malicious software on your computer and infiltrate your network.

Verizon’s Data Breach Investigations Report (2018) reported that phishing was involved in 70% of data breaches. It’s crucial to be able to spot and eliminate a phishing scam!

Use Email and Endpoint Protections

Email scanners and filters and other endpoint protections could be a vital line of defense against ransomware. Antivirus, antimalware, firewall, and endpoint detection software keep your system security up-to-date with the latest malware signatures. 

If you have remote employees regularly accessing your system, you should set up security protocols like VPNs for that access. 

Use a Stronger Password System

Password protocols are one of the best ways to improve your company’s security. Not only are they free, but they are quick and easy security systems. Password security will be able to protect your company’s assets so long as it is done right. 

Ensure that all your employees use passwords that aren’t easy to guess and that change frequently. They should also contain at least one lowercase letter, one uppercase letter, a special symbol, and a number, in addition to being a certain length (at least 8 characters long). 

These best practices will evolve along with the industry, so continue to also use two-factor authentication to prevent password sharing and password overuse. 

Keep Immutable, Offsite Backups

Making sure your sensitive data is backed up and encrypted will ensure that you can continue to provide services during a ransomware attack. It also can limit the leverage of ransomware attackers. 

Limit access to backups in case the ransomware targets the backup files as well.

Use Data Loss Prevention

Backups cannot help in cases where the ransomware actor has also exfiltrated the data to their own servers and threatens to release that data publicly unless the ransom is paid. To combat exfiltration, consider data loss prevention software.

Data loss prevention software can alert the administration every time data is moved, modified, or accessed by unauthorized users. You can therefore stop data movement and increase data visibility across your entire network. 

Ransomware Attacks By Industry

Healthcare Sector

32. Since 2009, there have been over 2,100 data breaches reported in healthcare. (Tech Jury, 2021)

33. Organizations and companies in healthcare only dedicate about 6% of their budget to cybersecurity. (Fierce Healthcare, 2020)

34. In 2020, ransomware attacks were responsible for half of all data breaches. (Health and Human Services, 2021)

35. On top of that, healthcare cyber attacks are more costly than any other industry, clocking in at $408 per record. (HIPAA Journal, 2020)

36. Since 2016, ransomware attacks in the U.S. healthcare system have cost providers $157 million. (HIPAA Journal, 2020)

37. 560 healthcare facilities were affected by ransomware attacks in 2020. (Emsisoft, 2021)

38. The Anthem Breach, which occurred in 2015, was the largest healthcare data breach in history, affecting nearly 80 million people. (Wall Street Journal, 2015)

39. The healthcare industry dominated ransomware attacks in the U.S. in 2016, accounting for 88% of all attacks. (Becker’s, 2016)

40. Cybercriminals attacked and stole 9.7 million medical records in September of 2020. (HIPAA Journal, 2020)

Education Sector

41. Between 2019 and 2020, we saw a 100% rise in ransomware attacks against universities. (BlueVoyant, 2021)

42. Ransomware attacks cost the higher education sector $447,000 on average. (BlueVoyant, 2021)

43. 1,681 higher education facilities have been hit by 84 ransomware attacks since 2020. (Emsisoft, 2021)

44. Most universities (66%) lack basic security features, like email security configurations, which could repel ransomware attacks. (BlueVoyant, 2021)

45. The Cybersecurity in Higher Education Report found that 38% of analyzed universities had unsecured or open database ports. (BlueVoyant, 2021)

46. In 2020, cyberattacks against K-12 schools rose by 18%. (K-12 Cybersecurity, 2020)

47. The retail and education sectors experienced the highest level of attacks. Almost 44% of respondents to a Sophos survey reported being hit by ransomware attacks. (Sophos, 2021)

Finance & Insurance Sectors

48. In 2019, 62% of all leaked records were stolen from financial institutions. (Bitglass, 2019)

49. Banking institutions are a huge vulnerability, as over 204,000 people have experienced a login attempt to their banking information in 2021. (Hub Security, 2021)

50. Most (90%) financial institutions have been targeted by ransomware attackers. (PR Distribution, 2018)

51. Smaller financial institutions (those with less than $35 million in national revenue) are experiencing a rising threat. (National Credit Union Administration, 2019)

52. 70% of attacks on financial institutions in 2020 came from the Kryptik Trojan malware. (Hub Security, 2021)

53. Over its lifespan, LokiBot has targeted over 100 financial institutions and has gotten away with over $2 million in revenue. (Hub Security, 2021)

54. Likely due to the 2020 COVID pandemic, banks experienced a significant (520%) increase in phishing and ransomware attempts in March and June of 2020. (American Banker, 2020)

Government Sector

55. One-third (33%) of attacks on governmental bodies in 2020 were ransomware. (Security Intelligence, 2020)

56. A Florida city paid a $600,000 ransom to recover hacked files in June 2019. (CBS News, 2019)

57. Local and state government employees are hardly prepared for ransomware attacks, with only 38% trained in ransomware prevention. (IBM, 2020)

58. When ransomware attacked a Southern city in 2020, it cost the city over $7 million. (SC Magazine, 2020)

59. A ransomware attack on an East Coast city in 2018 cost over $18 million. (Baltimore Sun, 2019)

60. 226 U.S. city mayors across 40 states signed a pact (2019) that says that they will deny ransom payments to cybercriminals. (Hashed Out, 2020)

61. The year 2019 saw a 60% increase in attacks against municipalities (year-over-year). (Kaspersky Labs, 2019)

62. A ransomware attack against state and local governments was the top cybersecurity story in 2019. (Government Technology, 2019)

63. From 2013 to 2018, 48 of the 50 U.S. states were affected by at least one ransomware attack. (Bank Info Security, 2019)

The Spread to Mobile Devices

With the rise of mobile technologies and the Internet of Things (IoT), hackers have also been attacking new vulnerabilities. By taking advantage of emergency alerts and relaxed security permissions on mobile devices, hackers can spread malware far more easily. Many mobile ransomware variants can cover every browser window or app with a ransom note, rendering the mobile device unusable.

Many of these tools are spread through ransomware-as-a-service, or RaaS, which is a subscription that allows affiliates to use already developed ransomware tools. This allows more ransomware attacks to be successful because the reach of the attack is decentralized and the authorities often have a hard time locating it and shutting it down. 

Creators of RaaS only require a percentage of a successful ransom. The average ransom demanded by hackers has increased by 33% since Q3 2019 ($11,605), and affiliates make up to 80% of each payment.

Mitigating a Ransomware Attack

It’s clear that ransomware attacks are dangerous. It’s best to arm yourself and your company as best as you can:

Reduce Your Blast Radius

Your blast radius is the amount of damage that can be inflicted once a single user or device is compromised. You want to minimize the blast radius by cutting off devices and isolating individuals based on their authorization level. Limit critical or sensitive data significantly and only to the people who need it. 

Implement a Zero Trust Security Model

Zero Trust Security is a model that assumes that cybercriminals can operate within the perimeter of your organization’s IT and physical defenses. Unfortunately, while you may have checks at the door to ensure that your company is safe, hackers can get in at any time. You may even hire them by accident!

Zero Trust assumes this and requires each user to authenticate when connected to your device. They might have to authenticate regularly, such as every day or every time they want to gain access to your network.

Install Employee Monitoring With UEBA and Data Loss Prevention Software

Monitoring your network and employees is the best way to detect and stop ransomware from occurring. Set up employee monitoring with UEBA and also data loss prevention, so that you can see what is being done with your data, when, and by whom. This software should all be part of your preventative threat detection system and response tactics.

Consider SoftActivity, which is fitted with UEBA software, to protect your system against ransomware attackers and to limit the level of risk of insider threats.

By SoftActivity Team.


Sources:

  • National Security Institute
  • Sophos (2021)
  • Business Insider
  • Cybercrime Magazine
  • ABC News
  • Cybersecurity & Infrastructure Security Agency
  • Fierce Healthcare
  • Health and Human Services
  • HIPAA Journal
  • Wall Street Journal
  • K-12 Cybersecurity
  • Hub Security
  • PR Distribution
  • National Credit Union Administration
  • American Banker
  • Security Intelligence
  • CBS News
  • SC Magazine
  • Baltimore Sun
  • Hashed Out
  • Kaspersky Labs
  • Government Technology
  • Bank Info Security
  • Cyber Security Ventures
  • Health IT Security
  • Fox Business
  • Dark Reading survey

January 31st, 2023