How Past Ransomware Statistics Can Guide Your Business in the Future

Dale Shulmistra

Data Protection Specialist @ Invenio IT


If you’ve been following ransomware trends over the past couple of years, you may feel like you’ve been on a bit of a rollercoaster ride. From record-breaking ransom demands in 2021 to a drop-off in attacks in 2022, it can be difficult to pinpoint quite where the threat level stands. Fortunately, a quick review of some vital ransomware statistics can help resolve some of the lingering questions about the status of this ever-present hazard.

Although there have been some encouraging signs in the frequency of ransomware attacks in 2022, this highly publicized form of cybercrime is still a major cause for concern. Looking at ransomware statistics from 2016 to today paints a much clearer picture of the current state of ransomware and where it might be headed in the future.

How Long Has Ransomware Been a Problem?

Before we dig into the numbers, let’s take a step back and look at the broader history of this cybercrime phenomenon. With this context in mind, we can look more closely at the severity of the threat of ransomware in its early days and use that as a point of comparison for today’s attacks.

1989: The First Ransomware Attack

Ransomware has a much longer history than many people realize, largely because it has become a much more ubiquitous threat over the past decade. The first documented case of ransomware dates all the way back to 1989 with the AIDS Trojan attack. Although the attack was primitive by today’s standards, it was definitely a harbinger of things to come as far as ransomware is concerned.

Delegates at the World Health Organization AIDS conference in Stockholm in 1989 received floppy discs infected with malicious code. Once they inserted the discs, their MS-DOS systems were rendered unusable with encryption.

As with modern ransomware, victims of the AIDS Trojan were greeted by a ransom note from the PC Cyborg Corporation, which demanded a payment of $189 in cash to restore access to their files. The delegates were instructed to mail the payments to an address in Panama.

Unfortunately for the attackers, the virus used a relatively simple form of symmetric cryptography, and security specialists were able to break it in short order. This same pattern of behavior continues today, only the technology and encryption at play have become far more complex.

2009: Crypto Changes the Game

Although there were additional ransomware attempts over the years following the AIDS Trojan, this particular criminal activity didn’t really take off for at least two more decades. Attackers struggled to find efficient and effective means to collect payments, making ransomware up until around 2010 more trouble than it was worth.

The development of Bitcoin, however, changed the landscape entirely. Bad actors seized on the opportunity to request ransoms in the form of crypto funds, which are easily transferred and difficult to trace. There is a clear parallel between the rise in the popularity of Bitcoin and other cryptocurrencies and the proliferation of ransomware attacks.

2013: CryptoLocker Offers Criminal Inspiration

Although CryptoLocker certainly wasn’t the first form of ransomware, it marked the beginning of a new era of cybercrime. Experts from every arena, including cybersecurity specialists and government agencies, began to sound the ransomware alarm.

The havoc wreaked by CryptoLocker was rather short-lived, as the FBI and a team of researchers put the enterprise out of business within seven months. During that time, however, the ransomware infected hundreds of thousands of computer systems around the world. This was more than enough evidence to other cybercriminals that ransomware had the potential for substantial profit, and a number of clones emerged not long after.

Has Ransomware Gotten Worse?

Determining whether the ransomware problem has gotten worse or better since the 2013 emergence of CryptoLocker requires examining a few different factors. Looking at 2016 ransomware statistics alongside current trends is a good starting place for answering this question.

Frequency of Attacks

The first metric to consider when evaluating the trajectory of ransomware is the frequency of attacks. Consider this data from Statista about the number of ransomware attacks in a given year:

  • 2016: 638 million
  • 2017: 183.6 million
  • 2018: 206.4 million
  • 2019: 187.9 million
  • 2020: 304.6 million
  • 2021: 623.3 million

There have been notable fluctuations in the number of attacks over the past decade, including a significant drop from 2016 to 2017. In fact, there was some hope that ransomware was waning, if not on its way out entirely, at that point. Yet by 2021, ransomware had rebounded and was as strong as ever.

Why is this worth mentioning? It’s important to keep in mind that a single point of data doesn’t reflect the full scope of the ransomware threat. As technology and society change, ransomware evolves with it, bringing in new attack vectors and vulnerabilities. For instance, the drastic jumps in 2020 and 2021 are likely associated with the COVID-19 pandemic, which gave cybercriminals ample opportunities to engage in new phishing attacks. In 2020, 54% of ransomware infections were caused by spam/phishing emails.

This is key to consider when we look at the statistics for the first half of 2022, which show the number of ransomware attacks on the decline once again. With 236.1 million attacks, 2022’s total number of ransomware incidents is unlikely to come anywhere near the enormous number of reported attacks in 2021. However, this doesn’t mean that the threat of ransomware is abating or that businesses should let their guard down anytime soon.

Ransom Payments

Ransomware payments have come a long way since the $189 demands of the AIDS Trojan attack. In 2021, an astonishing 11% of organizations paid ransoms of at least $1 million, and the average payment was $812,360.

Compare this to the numbers from 2016, when the average ransom demand was a mere $1,071. In other words, while the frequency of ransomware attacks may be on an uneven trajectory, the aggressive demands of cyber criminals are skyrocketing, putting businesses at much greater peril than ever before.

Ransomware Damages

While ransomware payments have been on a steady incline, the overall damages from this form of cybercrime are also on the rise. For greater context, consider these numbers:

  • In 2016, the world was stunned when ransomware damages exceeded $1 billion globally.
  • In 2021, organizations based in the United States lost $159.4 billion due to ransomware-related downtime. This doesn’t include ransom payments or the cost of recovery.
  • Experts project that the cost of ransomware attacks will reach $265 billion by 2031.

This exponential growth is frankly horrifying, and it underscores the precarious position of every organization that collects, processes, stores, and transfers any kind of data. Even if the number of ransomware attacks periodically dwindles, it’s not because the attackers are giving up. Instead, it’s an indicator that they’re becoming more focused and savvy and optimizing their systems.

How Has Ransomware Changed?

The spread and variety of ransomware have also changed over the past ten years. Ransomware gangs have become more sophisticated, homing in on the most effective techniques so that they can make the widest possible impact.

Ransomware Families

Exploring the number of ransomware families can help put things into perspective. While a ransomware family sounds either warm and cozy or like something straight from the mafia, depending on your interpretation, it’s actually a reference to shared features and characteristics.

Ransomware families use common code signatures, commands, and attack styles. When an attack occurs, identifying the family can help cybersecurity experts respond appropriately. The most notorious families include WannaCry, REvil, and Cerber.

Statistics from the past decade show an interesting pattern in the discovery of new ransomware families. In 2015, the number of ransomware families discovered worldwide was only 29. However, in the subsequent years, there were dramatic rises and falls in those numbers:

  • 2016: 247
  • 2017: 327
  • 2018: 222
  • 2019: 95
  • 2020: 127
  • 2021: 78

As the numbers show, there was a massive influx of new ransomware families from 2016 to 2018, but it has since leveled off. This isn’t entirely surprising. Ransomware was often scattershot in its earlier years as bad actors worked to determine the most effective methods for infiltrating systems and extorting businesses. In the modern world of ransomware, a select few prominent families have proven most successful, and criminals have followed those models rather than constantly trying to develop new ones.

Ransomware Proliferation

As the number of newly discovered ransomware families has declined, the percentage of organizations that have become victims of ransomware attacks has done the opposite. Data from Statista shows the spread of ransomware on a steady incline. It reports the percentage of businesses worldwide victimized by ransomware attacks over the past several years:

  • 2018: 55.1%
  • 2019: 56.1%
  • 2020: 62.4%
  • 2021: 68.5%
  • 2022: 71%

Any organizations that have contemplated whether it’s worthwhile to invest in ransomware protection should take heed of these numbers, which clearly indicate that the answer is a resounding yes.

What’s the Future of Ransomware?

Combining the ransomware statistics of the past with those of the present is a great way to predict what may be coming in the future. This is a vital step for businesses hoping to protect against potential risks.

Growing Threat Against Small Businesses

Data shows that the long-term trend of criminal enterprises targeting large organizations to maximize payouts is changing. Instead, as reported by NPR, the Ransomware Task Force revealed that businesses with fewer than 500 employees were hit by 70% of attacks in 2021.

A report from cyber insurance company Coalition reinforces this point. Small businesses with less than $25 million in revenue were much more vulnerable to cyber attacks in 2021. In the second half of that year, overall claims severity for this group increased by 85%.

Increasing Government Pressure

Government agencies have an important role to play in the fight against ransomware. They’ve become both frequent targets of attacks and some of the most powerful pursuers of ransomware gangs.

Government Targets

Many crucial functions of society rely on the effective operations of government organizations, which makes them tantalizing targets for ransomware. A 2022 study by Sophos found that:

  • 58% of state and local government organizations were hit by ransomware in 2021.
  • 72% of state and local government organizations had data encrypted during a ransomware attack.
  • 58% of data was restored when state and local government agencies made ransom payments.
  • Ransoms for government agencies were significantly lower than for other industries, with 90% paying less than $100,000.

These numbers emphasize the fact that no organization is safe from ransomware. They also show that profitability is not the only priority of cybercriminals. Power is just as important, which is why ransomware gangs are increasingly targeting government agencies even though their ransom payouts are statistically lower than those in other industries, like healthcare and financial services.

Government Action

As they have over the past several years, governments around the world will likely devote more time and resources to reducing ransomware incidents. Evidence of this shift is already in place.

For example, Rewards for Justice is offering a $10 million reward for information related to state-sponsored cyber crimes that target critical infrastructure in the United States. Likewise, in May 2022, the Department of State announced a reward of $10 million for information leading to the identification of any of the leaders of the Conti ransomware variant crime group.

Other important steps taken by the United States government include:

These and other measures to prevent ransomware and prosecute cybercriminals may be partially responsible for the dip in ransomware activity in 2022, as criminals are aware of the heightened level of government attention.

Greater Focus on Cybersecurity

As ransomware has become so highly publicized, businesses have become more cognizant of the dire need for cybersecurity. The numbers indicate that this trend is likely to continue.

One of the primary motivators for organizations to improve their defense against ransomware is the cost of cyber insurance, a rapidly growing solution that organizations employ to help offset the costs if they experience a cyber attack. As of 2021, the cyber insurance market was valued at $10.33 billion, but it is projected to grow to $63.62 billion in 2029.

To keep the costs of cyber insurance low, many organizations have invested in improving their cybersecurity strategies. A recent study found that 97% of organizations changed their cyber defense to improve their insurance rates. These improvements include steps like:

  • Implementing new and improved technologies
  • Increasing training and education for employees
  • Changing standard processes or behaviors

This positive trend in improved cybersecurity is borne out by the numbers. In 2021, the value of the cybersecurity market was $139.77 billion. It is projected to grow to $376.32 billion by 2029 as organizations reinforce their systems to protect against all forms of cyber attacks.

Similarly, the U.S. Bureau of Labor Statistics projects immense growth in information security employment through 2031. They estimate a growth rate of 35%, which is much faster than the average for all occupations. This equates to nearly 20,000 new jobs in information security each year over the next decade.

How Can Businesses Guard Against Ransomware Attacks?

No matter where ransomware goes next, every business has options when it comes to protection and recovery. Investing in a high-quality data backup system, for example, offers a substantial amount of protection as it helps ensure that your data isn’t lost.

Keep in mind, however, that not all backup systems are created equal. With a reported 95% of ransomware attacks attempting to infect backup repositories, it’s vital that you find a solution with stringent security measures in place.

The type of backup you choose is also important. With a hybrid backup solution, your files are stored on both a local device and a cloud service, offering double the protection for your data. Fortunately, no matter the size of your business, you can find a backup solution. Based on your needs, look for an option with a massive data capacity or a smaller system for organizations with more limited budgets.

What Resources Are Available to Learn More About Ransomware?

When you read through the statistics, it’s easy to get overwhelmed by the sheer size and scope of the ransomware threat. The good news is that there are plenty of resources available to help guide even the least tech-savvy business owner. For example, you can visit the U.S. government’s official website for ransomware resources, which includes a free cybersecurity evaluation tool to help determine your business’s level of ransomware readiness.

The disaster recovery experts at Invenio IT are also on standby to help answer any of your questions, offer guidance on data backup solutions, and, if the worst has already happened, help recover your data. Don’t hesitate to reach out for a consultation or to discuss your business continuity plans.
