22 Shocking Ransomware Statistics for Cybersecurity

Ransomware attacks can quickly turn into a nightmare for unprepared IT admins. In the past, hackers mostly operated on a linear scale, making it easy to predict their next move. These days, it’s more complicated.

As you’ll learn from these ransomware statistics, attacks nowadays are more elaborate, targeted, advanced, and broader. Consequently, the impact is also more detrimental. Furthermore, cybercriminals are gaining so much control that they can sway even large organizations to dance to their tune and give in to their financial demands.

Despite the combined efforts to secure information systems, recent statistics reveal a rising rate of successful attacks. But unlike other types of malware, ransomware is usually easier to spot. We’ve compiled some important facts about this type of cyberattack to help you detect potential threats and strengthen your existing security systems.

Top Ransomware Statistics (Editor’s Choice)

  • Ransomware perpetrators carry out more than 4,000 attacks daily.
  • 1 in 3,000 emails that pass through filters contains malware.
  • On average, organizations pay a ransom of $233,217.
  • There’s a 19-day downtime following a ransomware attack.
  • 95 new ransomware families were discovered in 2019.
  • Ransomware attacks in the education sector rose by 388% between Q2 and Q3 of 2020.
  • In 2021, ransomware attacks against businesses will occur every 11 seconds.
  • The global cost associated with ransomware recovery will exceed $20 billion in 2021.

The First and the Biggest Ransomware Attacks in History

1. The first documented ransomware attack happened in 1989 and targeted the healthcare industry.

(Palo Alto Networks)

Did you know the first targets of a ransomware attack were healthcare professionals?

Three decades ago, Dr. Joseph Popp, an active AIDS researcher at the time, devised a plan to give out 20,000 floppy disks to his fellow AIDS researchers across 90 countries. He told them the disks contained a program that could assess a person’s risk of contracting AIDS in the form of a questionnaire.

But they didn’t have any idea they were infected with malicious software. They were the first victims of what would later become known as the AIDS Trojan. According to ransomware statistics, 24% of data breaches today occur in the healthcare sector.

2. WannaCry is the biggest ransomware attack in history.


Launched in 2017, WannaCry is considered the biggest and most widespread ransomware attack in history. It’s estimated to have crippled 200,000 computers in 150 countries, putting the world in a state of frenzy for four days.

The National Health Service (NHS) in the UK was most severely affected by this attack and is believed to have lost £92 million (almost $125 million in 2020 dollars). Cyence, a cyber risk modeling firm, assessed that the total loss caused by WannaCry was close to $4 billion.

General Ransomware Stats

3. The average cost of remediating a ransomware attack is a staggering $761,106.


In 2020, Sophos conducted a survey among 5,000 IT managers across six continents. What’s shocking about its findings is that paying cybercriminals the ransom money is only one half of the cost involved.

Companies also need to pay for all the working hours required to restore their systems, clean up the damage caused by the attack, and strengthen their cybersecurity.

The average ransomware demand globally is estimated at $761,106. Organizations that decide not to pay the ransom spend around $732,520 to recover their systems. Businesses that pay lose twice the amount due to all the additional costs, totaling close to $1.45 million.

4. Since 2016, more than 4,000 ransomware attacks have occurred daily.

(Federal Bureau of Investigation)

In the four years since January 2016, more than 4,000 ransomware attacks have been carried out daily, according to ransomware statistics from 2020 published by the FBI. The most common targets include private businesses, home users, and even government networks.

Experts believe that the sudden shift toward remote work caused by the COVID-19 pandemic has the potential to drive this number up. More than ever, it is crucial to have multiple layers of security, even for home networks.

5. Cybercriminals use bitcoin as a ransom currency because of its anonymity.

(ECPI University)

Some of the latest ransomware attacks show us how standard ransomware is slowly morphing into crypto-ransomware. Bitcoin is a widely used digital currency, and most cybercriminals nowadays demand ransom in this rather than some physical currency.

Not only is bitcoin untraceable, but it also isn’t overseen by any banks or government bodies. Plus, sending, receiving, and converting it to cash doesn’t require hackers to reveal their personal information.

6. 1 in 3,000 emails that pass security filters contains malware, including ransomware.


According to email phishing attack statistics, using a filter tool doesn’t entirely eliminate the risk of ransomware. Although it provides some level of security, 1 in 3,000 emails that pass through commonly used filters may still be infected with some type of malware, ransomware included.

Furthermore, 1 in 4,000 emails contains malware previously unknown to cybersecurity experts. To avoid falling victim to ransomware, employees should learn how to differentiate between legit and malicious emails. Investing in a reliable email encryption service is also a smart idea.

7. On average, targeted organizations pay a ransom of $233,817.


Malware statistics from the third quarter of 2020 show that the average ransom payment was $233,817. This marks a 31% increase from the second quarter and a 47.8% increase from the first quarter of the year.

For comparison, the average payment in the third quarter of 2019 was $41,198, which means that its value has gone up by a staggering 467.5% year-over-year.

8. The average downtime due to a ransomware attack is 19 days.


According to ransomware attack statistics, it’s not just the average ransom payment that increased over the past year; the average downtime caused by the attacks also saw a significant rise. In the third quarter of 2020, the downtime was 19 days, up 19.2% from 16 days in the second quarter.

In the third quarter of 2019, the average downtime was 12.1 days, which translates to an annual increase of 57%.

9. Only 26% of targeted organizations pay the ransom, but not all get their data back.


2020 ransomware statistics reveal that about one in four companies worldwide ends up paying the ransom to regain access to its files. However, in some cases, not everything goes according to plan.

Sophos reports that 1% of organizations pay the ransom and never get their files back. Looking at country-specific statistics, India has the highest percentage of organizations that decide to pay the ransom (66%), while Spain has the lowest (only 4%).

10. Cybersecurity insurance pays the ransom 94% of the time.


Cybersecurity insurance is one of the main anti-ransomware trends in today’s cyber world. In fact, 84% of organizations report having it. In times of security breaches, it can aid financially.

However, only 64% of organizations have policies that cover ransomware incidents, meaning that the other 20% aren’t protected in such cases. When organizations with anti-ransomware insurance are targeted by hackers and decide to pay the ransom, 94% of the time, it’s actually the cybersecurity insurance companies that cover the cost.

11. In 2020, 99% of organizations that paid the ransom received a functioning decryption tool.


Ransomware stats from the first quarter of 2020 reveal that 99% of victims who pay the ransom receive a functioning decryptor and successfully regain access to their files. This is up from 97% in the final quarter of 2019. However, these statistics show that 1% of organizations permanently lose their data even after paying the ransom.

Ransomware is the primary income source for the so-called Ransomware-as-a-Service groups of hackers. For this reason, they’re careful that the data they’ve stolen doesn’t get corrupted beyond recovery; otherwise, they risk losing their profits.

However, mistakes sometimes happen, so it’s crucial not to shell out a hefty sum of money before considering all your options.

12. According to ransomware statistics from 2019, organizations lost more than $7.5 billion due to ransomware attacks.


In 2019, at least 966 government agencies, healthcare organizations, and educational institutions were on the receiving end of the worst sequence of ransomware attacks ever recorded. The impact was severe, especially for the healthcare industry.

Medical records were inaccessible or even lost, which placed people’s lives at risk. The attacks also resulted in the cancellation of urgent surgical procedures and redirection of patients to other institutions.

13. In 2019, the FBI’s IC3 received 2,047 ransomware complaints with an estimated loss of over $8.9 million.

(Federal Bureau of Investigation)

In its annual ransomware statistics report for 2019, the FBI recorded 2,047 complaints related to ransomware. While the mere number of cases doesn’t look that worrying, the associated losses have a colossal value of over $8.9 million.

This report only refers to the complaints filed to the Internet Crime Complaint Center (IC3) and not directly to FBI agents or offices. Therefore, the actual cost and the number of attacks are probably much higher.

14. In 2019, there were 95 newly discovered ransomware families.

(Statista, Dark Reading)

This number is much lower than in the previous three years — 247 in 2016, 327 in 2017, and 222 in 2018. But a typical ransomware attack today is more advanced than in the past.

According to cybersecurity experts, hackers have learned they shouldn’t target thousands of victims at once and expect a few of them to succumb to their demands. Instead, cybercriminals now focus on specific organizations that are more likely to pay the ransom to have their data restored as soon as possible.

That’s why their interest has shifted from home users to local governments, healthcare providers, and smaller businesses with outdated operating systems.

Industry-Specific Ransomware Statistics

15. The private sector suffers more ransomware attacks than the public sector.


Contrary to what we repeatedly hear from the media, it’s not the public but the private sector that’s most often the target of cybercriminals. In 2019, only 45% of public sector organizations were victims of ransomware attacks. This is well below the 60% of media, leisure, and entertainment organizations that were also targeted, according to 2019 phishing statistics.

So why are the headlines claiming the opposite? That’s mainly because public organizations are financed from public funds and are obliged to report ransomware attacks. Private organizations don’t have such protocols, allowing them to keep any data breach or attack a secret.

16. New ransomware threats are mainly targeting the healthcare industry.

(Cybersecurity & Infrastructure Security Agency)

The FBI and the US Department of Homeland Security recently called a conference with healthcare executives to warn them of an imminent cybercrime threat to hospitals and care providers.

Namely, the global pandemic has caused a significant disruption in the healthcare sector, making it susceptible to some of the latest ransomware threats. Thankfully, after receiving intel, the FBI was able to give warnings on impending cyber attacks. This gives the healthcare sector time to strengthen its networks and systems.

However, with the increased healthcare spending during the pandemic, providers might find it challenging to locate funds to invest in their cybersecurity.

17. The total loss caused by ransomware attacks against US healthcare providers has hit over $157 million since 2016.

(HIPAA Journal)

According to ransomware statistics, the healthcare sector was the target of 172 attacks since 2016. 74% of these attacks were aimed at hospitals, while the remaining 26% targeted secondary institutions like dental services and nursing homes.

In all, the ransomware demand was $16.48 million, but healthcare providers only paid $640,000. The rest of the cost was associated with data retrieval, damage reparation, and improvements in cybersecurity.

18. Between the second and third quarter of 2020, there’s been a massive 388% increase in ransomware attacks in the education sector.


Higher education ransomware statistics reveal that the number of targeted institutions spiked from 8 in the second quarter to 31 in the third quarter of 2020. But unlike other industries, ransomware attacks on educational institutions typically follow a specific pattern.

Namely, cybercriminals compromise a network in early summer and slowly exfiltrate data from the institution. On average, they spend 56 days on these networks, waiting for the “right moment” to commence a full-scale attack.

For hackers, that moment is the beginning of the school year, after which, during the third quarter, they hit the targeted institutions with ransom demands. By following this pattern, they’re able to inflict the most damage to their targets.

Top Ransomware Trends 

19. Experts predict there will be a ransomware attack every 11 seconds in 2021.

(Cybercrime Magazine)

According to industry predictions, almost six ransomware attacks will occur every minute in 2021. This is a significant increase from one attack every 40 seconds in 2016 and one every 14 seconds in 2019.

These projections exclude attacks on individuals and focus on businesses. That’s alarming as ransomware stats reveal that home users with insufficient antivirus software are more at risk of attacks than organizations that invest millions in cybersecurity.

20. The parcel and shipping sector could be the next big target of ransomware attacks.


Some analysts predict that, in 2021, the shipping and delivery industry could also become the target of ransomware attacks. Driven by people’s dependency on these services during the lockdown, hackers will most likely perceive it as a viable opportunity to extort more money.

21. The global cost associated with ransomware recovery will exceed $20 billion in 2021.

(Cybercrime Magazine)

Out of all the different forms of cybercrime, ransomware is by far the fastest-growing. In 2021, the total ransomware costs associated with data recovery are projected to exceed $20 billion, 57 times more than in 2015. As ransomware attacks become more targeted and sophisticated, organizations will have to invest lots of money to improve their cybersecurity.

22. By 2025, organizations will invest more than $1 trillion in their cybersecurity.

(Cybercrime Magazine)

According to industry estimates for the period between 2019 and 2023, based on FBI ransomware statistics, the cost of cybercrime could reach $5.2 trillion. The ongoing online threats organizations face will press them to invest more in cybersecurity.

One layer of security won’t suffice in repelling cyberthreats from sophisticated hackers. Businesses will have to use a combination of the best antivirus software, a firewall, email filtering programs, and other security tools to ensure optimum defense. As a result, this will push worldwide spending on cybersecurity products and services to over $1 trillion by 2025.


The cyberworld isn’t that different from the world we live in. To protect your property and assets, you need to have a security system in place. Likewise, organizations that handle valuable customer data need to secure their networks and update their systems regularly.

Recent ransomware attacks show us that hackers aren’t going anywhere. What’s more, they won’t hesitate to take advantage of any difficult situation, even if it’s a global pandemic that affects us all. Organizations must arm their systems with the right tools to counter any possible attacks. A business’s loss is a hacker’s gain, so you must be proactive, now more than ever.
