Ransomware 2022: Facts and Statistics

Andrew Mason


Andrew is one of the co-founders of Pentest People. He is a veteran of the Cybersecurity industry with many years of experience in building and running Security focussed businesses

Ransomware 2022: Facts and Statistics

In 2021, Ransomware Attacks cost businesses an estimated $11.5 billion. But that’s just the beginning of the story. What about all the other consequences of ransomware attacks? How do they affect businesses? In this blog post, we’ll take a look at some of the most important ransomware facts and statistics for 2021. We’ll also discuss what businesses can do to protect themselves from these devastating attacks.

What is a Ransomware Attack?

Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in order to decrypt them. Ransomware attacks can be incredibly damaging to businesses, often leading to lost revenue, downtime, and data loss. Ransomware infected emails are generally veiled with other important emails. Thus, you invariably end up clicking on the spam link, and malware gets entry to your computer system. These attacks can happen both at an individual level or on a larger scale mainly targeting the big corporates.

Ransomware Damages to Businesses in 2021

Ransomware Attacks are one of the biggest cyber attacks today, gradually increasing year by year. Businesses are still in vulnerable positions, whereby Ransomware Attacks can still easily target them and have the potential to cause irreversible damage. Forbes Insights found a ransomware fact that stated 46% of organisations suffered damage to their reputations and brand value as a result of cybersecurity breaches in 2021. Damages mainly revolve around these key areas:

Data Loss

Businesses lose an average of $140,000 per ransomware attack due to data loss, downtime, and recovery costs. Data loss can cause a business to be down for 10 days or longer, meaning factors such as product sales and business productivity are affected.

  • The average ransomware victim loses around 35 percent of their data.

The businesses who experience ransomware attacks and who pay ransom for their data back, only receive around 60% of their data back and therefore loose around 35% of their data, which they never get back. This is a hugely common repeated mistake that businesses keep making as this is a short term fixture, meaning its likely for your business to experience a second ransomware attack from the same hacker group.

  • 80% of businesses that chose to pay a ransom demand suffered a second ransomware attack, often at the hands of the same threat actor group.

Instead of paying huge sums of money for ransom payments, businesses should invest in cyber security services and structures that will benefit their business long term instead of paying huge sums of money for ransoms after every successful attack. The average ransom payment has increased massively from 2020 to 2021.

  • The average ransomware payment climbed 82 percent since 2020 to a record $570,000 in the first half of 2021.

Lost Downtime

Ransomware attacks can cause significant downtime for businesses. Which can have a major impact on revenue, as businesses are unable to function for the full time of these days.

  • The average downtime a company experiences after a ransomware attack is 22 days.

The average cost of downtime caused by a ransomware attack is $53,000 per hour.

This downtime can be hugely costly for businesses as this is time that the business is not operational and therefore not making any money. The average downtime costs are rapidly increasing each and every year.

  • Downtime costs are nearly 50 times greater than the ransom requested in 2020.

Recovering from a ransomware attack is generally 10 times the size of the ransom payment. This means the recovery is the worst part of the attack.

Repetitional Damage

Businesses also risk damaging their reputation and because of this, loose clients and customers loyalty, leaving them in a position where they have to regain their customer base.

  • Data shows that 61 percent of consumers switched some or all their business to a competing brand in the last year.

Ransomware Attacks often come back on the business for their lack of security. Rather than a sense of understanding, businesses experience more criticism for their lack of security and safety, which can impact their clients and customers.

  • 6 in 10 security operations center professionals think only half their cybersecurity applicants are qualified.

Biggest Ransomware Impacts

These are a few factors that have significantly impacted Ransomware over the years.

JBS Attack - One of The Biggest Ransomware Impacts

Covid19 Impact

It’s no surprise to anyone that the pandemic changed a-lot for businesses. Ransomware was and still remains one of the biggest threats to businesses and this has significantly increased since the pandemic.

  • Malicious emails are up 600 percent due to COVID-19.

Remote working caused a huge impact on businesses and their security. Due to not having the IT support daily in the office environment, employees were individual from home. This caused a pressure behind the screens experiencing a whole new way of working.

  • 20% of companies faced a security breach because of a remote worker.

New networks were discovered and used more frequently such as Zoom. But unfortunately new/popular platforms become primary targets due to the huge use from the public. Networks such as Zoom, Microsoft teams and online messaging platforms were key targets for hackers.

  • Another ransomware fact is that Details of more than half a million Zoom accounts were sold on the dark web.

Colonial Pipeline Attack (2021)

On May 7, 2021, America’s largest “refined products” pipeline went offline after a hacking group called Darkside infiltrated it with ransomware. Colonial Pipeline covers over 5,500 miles and transports more than 100 million gallons of fuel dailyThe colonial pipeline attack was a huge attack during the pandemic that impacted the whole of the oil and fuel industry across the whole of the US.

  • In May 2021, Colonial Pipeline was the victim of a ransomware attack that affected the flow of oil across the eastern U.S.

The operation recovered 64 of the 75 bitcoin that Colonial Pipeline paid. At the time of the recovery, the 64 bitcoin were worth approximately $2.4 million.

  • Colonial Pipeline paid hackers $4.4 million in bitcoin after receiving a ransom note.
  • Another ransomware fact is Bloomberg says that during the attack, over 100GB in corporate data was stolen in just two hours.

On June 7, 2021, the DOJ announced it had recovered part of the ransom. US law enforcement officials were able to track the payment and take back $2.3 million using a private key for a cryptocurrency wallet.

JBS Attack (2021)

On May 31, 2021, JBS USA, one of the largest meat suppliers in the US, disclosed a hack that caused it to temporarily halt operations at its five largest US-based plants.

  • JBS paid the hackers an $11 million ransom in Bitcoin to prevent further disruption and limit the impact on grocery stores and restaurants.

JBS, which spends more than $200m (£141m) on IT and employs more than 850 tech specialists, said the FBI described the cybercriminal group that carried out the attack as “one of the most specialised and sophisticated” in the world.

  • The FBI attributed the hack to REvil, a sophisticated criminal ring well-known in ransomware attacks.

WannaCry (2017)

WannaCry is a ransomware attack that hit over 230,000 computers in more than 150 countries. The WannaCry attack was one of the biggest ransomware attacks in history. The attack caused billions of dollars in damage and impacted some of the world’s biggest companies.

  • The attack demanded users pay $300 to $600 worth of Bitcoin to decrypt their files.

In May 2017, a global ransomware attack known as WannaCry spread rapidly across the globe. Fortunately, a security researcher discovered a kill switch that stopped the spread of the malware. However, the WannaCry attack was a wake-up call for businesses and showed how vulnerable they are to cyberattacks.

  • The WannaCry attack affected more than 230,000 computers in more than 150 countries.

Since the WannaCry attack, there have been many other ransomware attacks that have caused significant damage.

Targeted Industries

Ransomware doesn’t discriminate. All industries can be targeted by ransomware attacks, some more primary than others, but businesses of all sectors and sizes can be victims. These a few listed statistics to show the impact of ransomware attacks to each industry.


  • The healthcare industry experienced a 51 percent increase in the total volume of records exposed between 2019 and 2021.
  • As of 2020, healthcare organisations dedicate only about six percent of their budget to cybersecurity measures.
  • In 2020, 560 healthcare facilities were affected by ransomware attacks in 80 separate incidents.
  • From January 1 to July 31, 2021, there were 2,084 ransomware complaints, a 62 percent increase over the same time period a year earlier.


  • Since 2020, 1,681 higher education facilities have been affected by 84 ransomware attacks.
  • Ransomware attacks against universities increased by 100 percent between 2019 and 2020.
  • 38 percent of analysed universities in the Cybersecurity in Higher Education Report had unsecured or open database ports.
  • A ransomware attack in April 2018 cost a school district in Massachusetts $10,000 in Bitcoin.

Finance and Insurance

  • In 2020, 90 percent of all financial institutions experienced ransomware attacks.
  • In 2020, 70 percent of the 52 percent of attacks that went after financial institutions came from the Kryptik Trojan malware.
  • Banks experienced a 520 percent increase in phishing and ransomware attempts between March and June 2020.
  • LokiBot has targeted more than 100 financial institutions, getting away with more than $2 million in revenue.


  • The top cybersecurity story in 2019 was about ransomware attacks against state and local governments.
  • Between 2013 and 2018, 48 U.S. states were affected by at least one ransomware attack.
  • The top cybersecurity story in 2019 was about ransomware attacks against state and local governments.
  • In June 2019, a city in Florida paid a $600,000 ransom to recover hacked files.

Biggest Ransomware Gangs

Below is a list of the most deadliest ransomware gangs and their main attacks.


The FBI has linked the Conti ransomware group to over 400 cyber attacks on organisations around the globe. In addition to being one of the most ambitious ransomware gangs, Conti is also the most trustworthy and unreliable of all. Attackers from this group usually send a phishing email originating from an address that the victim trusts.

  • Conti Group have demanded over $25 million in ransoms.


(Known now as Sodinokibi)

REvil first emerged in April 2019 and has since then been behind some of the biggest ransomware attacks. The group is believed to be from Russia and uses sophisticated tools to target big businesses. One of their most notable attacks was on Travelex, a foreign currency exchange company along with the JBS attack and computer manufacturer, Acer.

  • REvil have accounted for 37% of all tracked ransomware attacks.


DarkSide is a ransomware gang that operates as a Ransomware-as-a-Service (RaaS) operation that sells its services to affiliate malware gangs on the dark web. Darkside conducted one of the most damaging ransomware attacks in recent history on May 9, 2021, targeting Colonial Pipeline, shutting down 6,000 miles of pipeline which resulted in widespread shortages. DarkSide is a relatively new ransomware gang on the scene.

  • DarkSide have claimed responsibility for attacks covering a third quarter of 2022.


The Clop ransomware group has been active since at least mid-2019 and is notable for its use of a sophisticated modular ransomware framework called REvil. The group has carried out attacks against high-profile targets such as Airbus, Energias de Portugal, and Nissan. The group appears to be based in Russia and uses both phishing and ransomware attacks. Clop ransomware group is responsible for the attacks on companies like the jet manufacturer Bombardier, residential mortgage servicer Flagstar Bank, security firm Qualys and the Universities of Miami and Colorado.

  • The Ransomware gang added 21 new single victims to their data leak site within a month.


Another one of the dangerous ransomware gangs haunting organisations worldwide is Netwalker. The gang has brought in more than $30 million in ransoms since their appearance. Having been responsible for crippling several hospitals, schools and government agencies throughout the world.

Some of the most notable victims of the Netwalker ransomware include the Crozer-Keystone Health System, the Australian transport company Toll Group and California University’s COVID research sector.

  • Netwalker ransomware gang has made $25 million since March 2020.

How to Prevent a Ransomware Attack

Ensuring you take the necessary steps to protect your business from ransomware threats and risks is vital. Below are a few effective ways to prevent ransomware attacks from impacting your business or employees.

Educate Your Employees

Educating your employees and training them to spot ransomware attacks is the most important step to preventing ransomware attacks, ensuring staff understand the importance of cyber security will secure your workplace further from attacks.

Avoid Suspicious Links

Avoid clicking any links sent in texts, emails or even instructed over the phone. A ransomware fact states that Phishing emails are involved in 70% of data breaches, showing how common they are in workplaces, this is why it’s vital to be able to spot them.

Implement a Password System

Implementing a system such as password managers can massively help reduce the risks of cyber attacks, encouraging your employees to create more complex passwords to avoid the risk of hackers guessing staff passwords.

Install Firewalls and Antivirus

Firewalls and antivirus stop any malicious content or software from entering your systems, it’s important to have these in place as an extra layer of protection.

Create Regular Backups

Backing up all important data and files is vital to avoid the devastating effects of ransomware, if all else fails you can restore your system without having to pay a ransom.

Work With Cyber Security Experts

Working with cyber security experts is the most effective way to protect your business from ransomware, they will be able to provide you with the latest methods of protection as well as being on hand to help if an attack does happen.

Ransomware Facts FAQs

Q: Do I have to pay ransom for a ransomware attack?

A: It is not advisable to pay the ransom as this could encourage the attacker and does not guarantee that you will get your data back.

Q: How much should I expect to pay in ransom?

A: The amount of ransom demanded varies depending on the type of attack, the size of the organization and the amount of data encrypted.

Q: What industries were hit the most by ransomware attacks?

A: Healthcare, Education, and Government sectors were hit the most by ransomware attacks in 2020.

Q: What is the best way to prevent a ransomware attack?

A: The best way to prevent a ransomware attack is by working with cyber security experts who can provide you with the latest methods of protection to fully secure your business against ransomware attacks.

Ransomware is a serious threat to businesses and organisations worldwide, with attacks becoming more common and destructive. Ransomware is not going away any time soon. Ransomware attacks are increasing year by year constantly evolving with new techniques and new technology targeting businesses in as many industries as possible. To secure your business from Ransomware Attacks, enquire below.

Video/Audio Transcript