Ransomware Statistics and Ransomware Trends

There is no good news about ransomware statistics for 2022/2023. Attacks continue to increase as cybercriminals use data infiltrations and the threat of data leaks to increase pressure on companies to pay the ransom. Even if a company can restore data from backups, leaked data from a company that refuses to pay ransom may appear on database websites operated by threat actors.

The Data Breach Investigation Report (DBIR) by Verizon says there was a 13% rise in ransomware attacks year-over-year from 2021. This rise is a greater increase than the previous five years combined.

Statista projects that about 70% of businesses will suffer one or more ransomware attacks in 2022. These ransomware trends increased over the past five years and are the highest annual rate on record.

Blackfog reported that education, government, and healthcare were the top three sectors to experience a ransomware attack in 2022. Healthcare was the most popular target industry for ransomware attacks in 2023.

Here are more detailed statistics about these and other industries. 

Verizon reported ransomware updates of 832 incidents of data breaches for small businesses in 2022. Of these attacks, 130 confirmed data loss, with nearly 80% of the attacks a result of ransomware.

Small businesses are particularly vulnerable. A study reported by UpCity says only half of U.S. small businesses have a cybersecurity plan.

Statista says that 71% of global businesses felt the impact of ransomware trends. A total of 62.9% of the ransomware victims paid the ransom.

Cybereason surveyed nearly 1,500 cybersecurity professionals and found that almost three-quarters of organizations (73%) reported at least one ransomware attack. The total number of attacks was 33% higher than the previous year's report, and most ransomware attacks (64%) resulted from the compromise of third-party suppliers.

These attacks directly affected workflow and employees. Almost 40% of enterprises had to lay off employees after an attack, and 35% experienced C-level resignations. Another 33% had to suspend operations temporarily.

Most organizations (63%) also reported that the attackers were in their network for up to six months before detection, while 21% said attackers had 7-12 months of unauthorized access, and 16% said the attackers were in the network for over a year.

Almost half of the organizations (49%) paid ransom to prevent revenue losses, and another 41% paid ransom to quicken the recovery process. Of those with reported losses, most (67%) said they lost between $1 and $10 million, and over half of the companies that paid the ransom had corrupted data after removing encryption.

The study also highlights two particularly troubling ransomware statistics. First, 80% of businesses that paid the ransom were subject to another ransomware attack. Additionally, over two-thirds (68%) of companies that paid ransom experienced another attack within a month.

The most affected business verticals are legal, finance, manufacturing, and human resources.

IBM's 2022 report shows that a breach in the healthcare industry costs 42% more than in 2020. For the past dozen years, healthcare had the greatest average cost for any industry at $10.1 million per incident.

The 2022 ransomware trends from Verizon note that healthcare experienced more ransomware attacks focused on personal data than medical data.

The latest ransomware updates from a Trend Micro study of 145 healthcare organizations found that 57% reported a ransomware attack within the past three years. Another 25% had to stop operations due to the attack, and 60% said some attacks completely disrupted business processes. 

The average cost was $10.1 million to recover from the attack. However, ransomware statistics show some pay much more. For example, ransomware cost Universal Healthcare Services $67 million in labor expenses, lost income, and recovery.

Verizon reports that education, which accounted for 30% of the data breaches in 2022, experienced a significant increase in ransomware attacks, resulting in 1,241 data breach incidents. Of these attacks, 282 confirmed data loss or disclosure. External threat actors caused 75% of the violations, while 25% came from internal sources.     

Attacks on lower education (56%) and higher education (64%) increased. While nearly half of those attacked paid the ransom to recover their data, just 2% got all the data back. It costs, on average, $1.58 million for lower education to recover and $1.42 million for higher education to recover. The process sometimes takes months.

Verizon reports that the discovery method called "actor disclosure" occurred in 58% of the data breaches. An "actor" may be external to the company or someone internal. These ransomware trends in government agencies might be increasing due to the war between Russia and Ukraine.

The Cybersecurity and Infrastructure Security Agency reported ransomware attacks against 14 of the 16 U.S. critical infrastructure sectors, including the food and agriculture, emergency services, government facilities, defense, and IT industries.  

FinCEN is the government agency responsible for tracking financial crimes, such as money laundering and payment of a ransom in cryptocurrencies. FinCen identified a ransomware trend of more than $5.2 billion in ransom payments made in Bitcoin, which is the most popular method of ransom payment demanded due to the difficulty of tracing the transaction.

The latest ransomware updates show the U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) issued sanctions against the Suex cryptocurrency exchange for facilitating ransomware transactions.

Verizon reported 2,337 data breaches in the manufacturing sector in 2022. Of those, 338 had disclosure of data, and 24% of the attacks (584) were ransomware.

Banking is a big target for threat actors. Verizon stated that organized crime is responsible for 79% of bank data breaches.

IBM says that the financial industry spends an average of $5.12 million to fight off data breaches, while CNBC reports that Bank of America spends over $1 billion annually on cybersecurity.

Ransomware payments are typically made using cryptocurrency due to their anonymous nature. Chainalysis determined that more than $602 million in payments for ransomware attacks used cryptocurrency.

According to a federal report with the latest ransomware updates, CNBC says American banks completed $1.2 billion in ransomware transactions.