37 Eye-Opening Ransomware Statistics (a must read)

June 2, 2021

10 min read

Tracy Rock

Director of Marketing @ Invenio IT
ransomware statistics

37 Eye-Opening Ransomware Statistics (a must read)

by Jun 2, 2021Security

The latest ransomware statistics show that cybercriminals continue seeking every avenue possible to exploit the security vulnerabilities of organizations. It’s crucial that businesses grasp the severity of the threat represented by the ongoing rise in ransomware attacks worldwide.

These attacks can saddle businesses with millions of dollars in losses stemming from operational disruptions. And that’s precisely what gives the hackers leverage. Organizations without adequate backup are often desperate to restore their systems and end up paying exorbitant ransom demands – even when there are no guarantees for what happens next.

The year 2020 saw a 435% rise in ransomware attacks compared to 2019. Experts partly attribute this increase to the increased use of online services during the COVID-19 pandemic, which hackers have been eager to exploit.

Let’s take a deeper look into what these numbers mean, so you can start evaluating your company’s security protocols to keep your company from becoming a hacker’s next hostage.

The Latest Ransomware Statistics

1. Ransomware made up 27% of all malware incidents

Malware attacks cover an umbrella of methods hackers use to go after the weaknesses in an organization’s security. But increasingly, these bad actors are using ransomware as their go-to cyber weapon of choice, hijacking a company’s ability to function until they get what they want. (Source: Verizon 2020 Data Breach Investigations Report)

2. 18% of organizations detected and blocked at least one piece of ransomware

Businesses may not be employing enough safeguards to protect themselves against ransomware attacks. The increased frequency of ransomware attacks means companies need to look at how prepared they are to deal with the issue. (Source: Verizon)

3. The rise of ransomware use has contributed to a drop in Point of Sale (PoS) attacks in the Food Services Industry

The good news: PoS intrusions represented only 16% of security breaches in the Accommodations and Food Service industry, down from a high of over 75% in 2015. But here’s the bad news: experts say the trend indicates that hackers are turning to ransomware and other malware with a quicker return on investment. (Source: Verizon)

4. The entertainment industry has seen a 49% rise in ransomware attempts since 2015

Industries that might not have the most robust security infrastructure are becoming more frequent ransomware targets. That puts valuable intellectual property at risk of getting stolen or leaked if companies don’t pay off the cybercriminals who launched the attack. Ransomware hackers are increasingly using additional forms of malware to copy and steal data before making demands – a concerning development for sectors such as the entertainment industry. (Source: Verizon)

5. Ransomware made up 80% of malware attempts on educational services in 2020

As the pandemic forced many students to learn remotely, it created a prime opportunity for cyber thieves. Many educational institutions pulled together online programs in a hurry, meaning they may not have taken the time to apply proper security protocols. (Source: Verizon)

Summer can be an especially vulnerable time, even though school is out. That’s when many cybercriminals start stealing data from academic institutions. They wait until right before the beginning of the school year to execute a full attack and then make ransom demands. The goal is to inflict the most damage and put educational institutions in a place where they’re desperate to regain control. (Source: Emsisoft)

6. 23% of malware incidents within the manufacturing industry in 2020 involved ransomware

Data is lifeblood to manufacturing companies. Without it, operations can come screeching to a halt. So it’s no surprise hackers are increasingly targeting the manufacturing industry in an attempt to maximize their odds of a big ransom payment. (Source: Verizon)

7. Ransomware represented 61% of the malware attacks made on organizations partnered with the U.S. government

Depending on the system, ransomware can be very easy to install on a device or server once a hacker gains access through a user’s credentials or via another exploit. Firms with ties to the U.S. government represent another optimal target for cyber thieves. (Source: Verizon)

8. One out of every 3,000 emails that got past security filters contained malware, including ransomware

Ransomware-laden emails can often get past spam filters. Employees may still be at risk of inadvertently downloading and spreading ransomware that ends up hijacking an organization’s systems. Businesses must continue monitoring and refining the software used to keep out malicious emails. Workforce education around recognizing phishing attempts should also remain a top priority. (Source: Fortinet)

9. Businesses lost an average of $133,000 because of ransomware attacks

Losses from ransomware can take several forms: idle employees, service interruptions, revenue stoppages, long-term credibility losses and more. And for small businesses especially, the amount of money lost when employees are unable to work can be the difference between making it another year or going out of business. (Source: Fintech News)

10. Organizations paid out an average of $111,605 in ransomware payments in 2020, a 33% increase over 2019

Losing access to data, applications or the network for even a short time can prove devastating to an organization’s bottom line. It’s why so many of them often give in to the demands of hackers, even though they don’t necessarily keep their promises. (Source: Verizon)

Ransomware on Small and Medium-Sized Businesses (SMBs)

11. Seventy percent of SMBs reported ransomware attacks in 2020

It’s not just large corporations who need to worry about becoming the target of a ransomware attack. Hackers often target smaller businesses, knowing they don’t always invest in the necessary resources to protect them against more sophisticated attempts at hijacking company data. (Source: Datto)

12. While 84% of IT providers stated that they were concerned about ransomware, only 30% of their SMB clients felt the same

While technology professionals stay on top of ransomware threats, SMBs tend to be more concerned about day-to-day business functions than the state of their network security. That leaves them especially vulnerable to cyber attackers intent on exploiting system weaknesses with ransomware. (Source: Datto)

13. 62% percent of surveyed businesses reported impacts to their productivity because of ransomware attacks

Within that group, 39% experienced downtime that threatened the viability of their company, and 13% had data stolen. It can be difficult for smaller organizations to pick up and move on after experiencing a ransomware attack. (Source: Datto)

14. Ransomware represented 78% of cyberattacks against SMBs in 2019 and 2020

Among the 78% of businesses that reported ransomware attacks, 11% experienced multiple attacks in one day. Around 20% of SMBs ended up having to pay a hacker’s demands to regain functionality – although that is a risky gamble that is strongly discouraged except as a last resort. (Source: Datto)

15. 50% of SMBs increased their IT security budgets in 2020

Datto reports that 1 in 2 SMBs ramped up their security budgets in 2020 in an attempt to defend against the increase in attacks. This is a sign that many businesses are taking these threats seriously, but it’s concerning that 50% of surveyed SMBs have made no change to their security budgets.

16. Ransomware managed to get around 50% of cybersecurity efforts put in place by SMBs

Organizations of all sizes must do more than throw money at a single cybersecurity solution. Hackers continually modify their efforts, often exploiting human error. Businesses should make sure their cybersecurity protections account for those efforts. A multilayered approach that includes routine cybersecurity training for employees is the best way of preventing successful ransomware attacks. (Source: Datto)

17. SMBs saw their profitability decrease by 24% because of ransomware attacks

SMBs are often less able to absorb the loss of revenue caused by a ransomware attack. Many SMBs may not have the resources to meet a hacker’s demands, so they can suffer a loss that’s proportionally worse than what a large company might experience. Seventeen percent of SMBs who also endured a ransomware assault ended up with a damaged industry representation, further eroding their revenue. (Source: Datto)

Miscellaneous Ransomware Trends 

18. The cost of downtime for businesses under assault from a ransomware attack ended up being 50 times greater than the ransom requested

U.S. companies who received ransom requests of around $6,200 lost an average of $308,900 in downtime. The staggering difference in the two figures shows the importance of investing in the right disaster recovery and data backup solutions to prevent ransomware attacks from taking root in company infrastructure. (Source: Datto)

19. 54% of ransomware intrusions started with a phishing email

Phishing emails were the primary source of ransomware attacks in 2020. Education of employees should remain a top concern at organizations of all sizes. One “little” mistake could result in a company being sidelined by ransomware for weeks, or worse. (Source: Datto)

20. Managed service providers (MSPs) are increasingly the target of ransomware attacks

Hackers are putting a higher focus on the companies hired to manage business’s IT needs. Ninety-five percent of MSPs reported a higher level of ransomware attempts by cybercriminals looking for the credentials of their business clients. That trend has led to 46% of MSPs forming partnerships with additional security specialists to boost internal security preparedness. (Source: Datto)

21. Cybercriminals launched 91% of their ransomware attempts against Windows PCs

The large number of companies using computers with a Windows OS makes them the top target of hackers looking for an entry point into a company’s networks. They’re looking to exploit endpoint weaknesses, highlighting the need for businesses to pay closer attention to endpoint protection. Investing in backup solutions allows companies to get back online quicker, leaving them less vulnerable to costly downtime.

Windows servers represented another area of concern in 2020. 76% of MSPs said that ransomware attempts specifically targeted the Windows Server OS. But here too, these attempts usually start with an infected email. One unsuspecting user can unleash malware that uses the network to spread to every accessible company system. (Source: Datto)

22. Software-as-a-Service (SaaS) became an emerging focal point for ransomware attempts

 Companies often rely on SaaS platforms to provide access to essential business applications to their users. 64% of respondents said Microsoft 365 was the target of ransomware attempts, followed by Dropbox at 54% and Google Workspace at 25%. (Source: Datto)

23. Companies invested in more robust backup and recovery technology

 The threat of ransomware prompted 76% of companies to use reimaging from a backup as their main recovery method in 2020. That’s a change from the year before when reimaging from default was the primary mode of performing backups. (Source: Datto)

24. Organizations with BCDR solutions dealt with less downtime from ransomware

2020 data highlighted by Datto showed that business continuity and disaster recovery (BCDR) efforts proved to be the most effective at curbing ransomware fallout. (Source: Datto)

25. Companies dealt with an average of 21 days of downtime because of ransomware attacks in the fourth quarter of 2020

In many cases, these disruptions meant that businesses didn’t have enough “clean” machines available for workers to do their jobs. And in worst-case scenarios, operations were brought to a total standstill. Even companies with strong revenues typically can’t afford to be taken offline for extended periods without suffering long-term business damage. (Source: Coveware)

26. Businesses who paid for cybersecurity insurance had ransom demands covered 94% of the time

More organizations are turning to cybersecurity insurance to help them pay for ransom demands. However, while 84% of businesses reported investing in cyber insurance, only 64% purchased policies that provided ransomware protection. (Source: Sophos)

27. The private sector dealt with more ransomware attacks than the public sector

While 45% of public sector organizations dealt with a ransomware attack, industries like media, leisure and entertainment got hit harder at 60%. That underscores the need for heightened security protection in every business and government sector. (Source: Sophos)

28. 99% of companies who paid ransom demands in 2020 successfully regained file access

 While hackers making good on their end of a ransomware demand can be seen as a positive, that still means that 1% of organizations never regained their data, even after paying the ransom. This is one of several important reasons why authorities advise never paying up. (Source: Coveware)

29. The U.S. received 18.2% of worldwide ransomware attacks

 Ransomware targets businesses of all sizes, all over the world. According to recent data from Symantec, attacks against U.S. organizations represented nearly 20% of all attacks – the highest in the world, followed by China, Japan and India. (Source: Symantec)

30. Many cybercriminals rely on bitcoin for ransom currency

 Most ransomware demands request payment in bitcoin. That’s because it’s largely untraceable, not tracked by banks and governments and doesn’t require hackers to reveal personal details. (Source: EPCI University)

31. The FBI received ransomware complaints reporting a total loss of over $8.9 million in 2019

 What’s most worrisome is that the total number of complaints made to the FBI was only 2,047. You also have to question the number of businesses who went ahead and paid a ransom demand without reporting the incident to the authorities. (Source: FBI)

32. 40% of ransomware demands in 2020 involved both data theft and data encryption

 The continued evolution of ransomware means hackers are gaining more leverage over their targets. They’re capable of not only encrypting data, but also stealing it and threatening to make it public. This increases the urgency for businesses to pay up with the hopes of regaining business functionality without a publicity crisis and class-action lawsuit.

Cyber thieves managed to embed ransomware in Facebook, Microsoft 365 and numerous other products used in the workplace. One trend that tripled in the second half of 2020 was to place ransomware in default features like Excel formulas, which are harder to detect and block. (Source: Helpnet Security)

33. The healthcare industry has become the primary target of new ransomware attacks

 In 2020, the U.S Department of Homeland Security and the FBI warned that disruption from the COVID-19 pandemic left the healthcare industry vulnerable to more sophisticated ransomware threats. And indeed, ransomware attacks against hospitals soared last year.

But the industry was already a prime target before then, having already lost over $157 million because of ransomware attacks since 2016. The race is on for the healthcare sector to reinforce its systems and networks to keep hackers from exploiting any weaknesses exposed by the pandemic. (Source: Emsisoft)

34. Ransomware threats will only increase throughout 2021

 Many security experts expect to see around six ransomware attacks happening every minute throughout 2021. That doesn’t include attacks on individuals, which means the frequency of attacks is actually even higher.

35. Cybersecurity spending by organizations is expected to reach over $10.5 trillion by 2025

 The question is: how is this cybersecurity budget being spent? The ideal investment should include a combination of data backup, network protection, email filtering, antivirus solutions and cybersecurity training for employees, among other defenses. (Source: Cybercrime Magazine)

36. The shipping and parcel industry could become the next big ransomware target

 The lockdowns brought on by the COVID-19 pandemic increased the need for package services. Even as the world slowly makes its way back to a new normal, the shift will likely become permanent for many. That represents an opportunity for hackers looking for new financial outlets for their ransomware demands, such as the shipping and logistics sector. (Source: Nextgov)

37. Ransomware recovery costs in 2020 may have exceeded $20 billion

 Sadly, the fallout from ransomware damage in 2020 is ongoing and still being calculated. But if estimates are correct, then recovery costs last year will exceed $20 billion, 57 times the amount paid out just 5 years earlier. That sobering reality only reinforces the need for organizations to put time and effort into expanding their security infrastructure. (Source: Cybercrime Magazine)


Today’s ransomware statistics show that this threat is not going away anytime soon. The continued rise in attacks is something that SMBs must take seriously. In some cases, the fallout from a ransomware attack can lead businesses to shutter their doors permanently. Smaller organizations need to become more vigilant about building and maintaining a robust disaster recovery plan, which absolutely must include data backup.

Protect Your Organization from Ransomware

 Let Invenio IT evaluate your security posture and identify the disaster recovery solutions and security strategies you need to safeguard your business from ransomware and other threats. Set up a demo with us, or speak with us about your security concerns by calling at (646) 395-1170 or emailing success@invenioIT.com.

New call-to-action

Director of Marketing @ Invenio IT