Ransomware Statistics
The rapid growth of ransomware attacks has made this cyber threat a top concern for organizations worldwide.
Below you can dive into the aggregated ransomware metrics to discover the reality of operational and financial impacts that companies are facing from this massive problem.
While cybersecurity is a broad and massive industry, we’ve done our best to compile the data below from sources across the industry.
Cost of Attacks
Ransomware attacks continue to pose significant financial threats to businesses of all sizes. The immediate costs are clear, but there are often additional financial implications that are not immediately apparent. The expenses range from paying a ransom, paying a mediator, potential legal fees, incident response, data recovery, and bolstering security measures to prevent future attacks.
Almost one-third of SMBs faced $10,000–$50,000 in ransom cost
The average ransom demand on cases worked by Unit 42 consultants last year climbed 144% to $2.2 million.
The average payment on cases worked by Unit 42 consultants last year rose 78% percent to $541,010.
Organizations that paid the ransom during a ransomware attack achieved only a small difference in total cost, at USD 5.06 million compared to USD 5.17 million, a cost difference of USD 110,000 or 2.2%.
$ of extortion
Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.
Response to Attacks
When ransomware strikes, the response effectiveness can significantly impact an organization’s ability to recover. For example, law enforcement involvement has shown to help reduce the total time and cost to contain a breach. Additionally, the automation of response workflows also contributes to faster containment of ransomware attacks.
Total time to identify and contain a ransomware breach was 11.4% or 33 days shorter with law enforcement involvement
Among organizations that experienced a ransomware attack, those that had automated response playbooks or workflows designed specifically for ransomware attacks were able to contain them in 68 days or 16% fewer days
The average cost of a ransomware breach was USD 5.11 million when law enforcement wasn't involved and USD 4.64 million when law enforcement was involved, for a difference of 9.6% or USD 470,000.
The mean time to contain a ransomware breach was 63 days or 23.8% shorter with law enforcement involvement
While 63% of respondents said they involved law enforcement, the 37% that didn't also paid 9.6% more and experienced a 33-day longer breach lifecycle.
Organizations that paid the ransom during a ransomware attack achieved only a small difference in total cost, at USD 5.06 million compared to USD 5.17 million, a cost difference of USD 110,000 or 2.2%.
Frequency and Identification of Attacks
The frequency of ransomware attacks presents an alarming picture of the cybersecurity landscape. The data shows a substantial number of organizations falling victim to ransomware attacks with an increased incidence of intrusions. Despite this, there is a decrease in successful detection which raises concerns about the evolving sophistication of ransomware strains
In intrusions related to ransomware, organizations were notified by an external entity in 70% of investigations.
Intrusions involving ransomware had a median dwell time of 9 days in 2022.
Specifics of Attacks
The specifics surrounding ransomware attacks provide a glimpse into the operational tactics of threat actors. Varied ransom demands, duration of attacks, and the proliferation of ransomware strains indicate a constantly evolving threat landscape. The details highlight the need for robust security measures and ongoing vigilance to stop these threats.
Total # of victims
In 2022, there were 2,462 total victims posted to ransomware leak sites we tracked, slightly fewer (within 1%) compared to the 2,471 posted in 2021.
Total NUMBER OF unique ransomware strains
Research from cybersecurity firm Fortinet stating that over 10,000 unique strains were active in the first half of 2022.
Time to recover after ransomware attack
58% of businesses paid the ransom.
14% of businesses paid the ransom more than once.
*60 days was the longest amount of time between ransomware operators posting public ransom notes and the set deadline for victim payment, for an attack against an automotive and manufacturing company by the Conti gang in March 2022. The shortest amount of time was 14 hours, as observed in 2 attacks that used LockBit ransomware; the average amount of time was approximately 10 days.
Trends in Ransomware
The evolving trends in ransomware highlight the rising threat posed by these malicious software attacks. With a clear uptick in activity and a notable decline in the detection rate, organizations face an uphill battle in securing their enterprise. Leadership’s perceived readiness versus the reality of organizational preparedness reflects a wide gap worthy of addressing.
Ransomware shows no signs of slowing, with activity ending 13X higher than at the start of 2023 as a proportion of all malware detections.
Half of the 78% of leaders who claimed their enterprises were prepared for an attack, still fell victim to them.
Fewer organizations are successfully detecting ransomware than in the past (13% versus 22%). (Good luck with your current EDR tools.)
Almost 75%, three quarters of companies say that a ransomware attack would be a death blow to their organization.
By 2031, ransomware will cost victims $265B annually, and it will attack a business, consumer, or device every 2 seconds.
27% of all malware breaches in 2023, involved ransomware.
Don’t become another statistic.
Get a demo of the Halcyon Platform and see how it is built with failure in mind, every step of the way.