Ransomware attacks have become an increasingly serious cyber threat in recent years. Ransomware is a type of malicious software that encrypts files on a device or network, preventing access until a ransom is paid. These attacks can be devastating for businesses, hospitals, schools and other organizations. Understanding the scope of the ransomware problem is an important first step in combating it. So exactly how many ransomware attacks are happening each year? Let’s take a look at the data.
Key Statistics on Annual Ransomware Attacks
- The number of ransomware attacks increased by 105% globally from 2019 to 2020 (SonicWall 2021 Cyber Threat Report)
- In 2020, there were 304.7 million ransomware attacks worldwide (SonicWall 2021 Cyber Threat Report)
- The United States saw a staggering 145% increase in ransomware attacks from 2019-2020 (SonicWall 2021 Cyber Threat Report)
- Ransomware accounts for 27% of all malware attacks (Verizon 2022 Data Breach Investigations Report)
- The average ransomware demand increased by 171% in 2021 to $2.2 million (Unit 42 Ransomware Threat Report)
These numbers paint a grim picture. Ransomware attacks are sharply on the rise globally, with the United States seeing a particularly large jump. The increasing prevalence of ransomware has been enabled by the growing sophistication of cybercriminals and the continued success of ransomware attacks. Many victims feel they have no choice but to pay the ransom to regain access to their data. As a result, ransomware has become a lucrative endeavor for attackers.
Ransomware by Region
Ransomware does not impact all parts of the world equally. Some regions are harder hit than others. Here’s a breakdown of ransomware attacks by region in 2020 (SonicWall 2021 Cyber Threat Report):
| Region | Ransomware Attacks in 2020 |
|---|---|
| North America | 163.7 million |
| Europe | 44.7 million |
| Asia | 15.9 million |
| Latin America | 10.1 million |
| Africa | 9.9 million |
| Oceania | 984,000 |
North America, and the United States in particular, is the global epicenter of ransomware attacks. The region accounted for over half of all attacks in 2020. Europe was also significantly impacted. Other parts of the world have not been as heavily targeted, but still saw substantial numbers of attacks. As ransomware groups become more sophisticated and coordinated, no region is safe. However, North America is clearly the most attractive target for attackers currently.
Ransomware Targets
Ransomware threat actors tend to focus their efforts on certain types of organizations and industries. Here are some of the most targeted sectors (Verizon 2022 Data Breach Investigations Report):
- Public administration: ransomware accounted for 81% of malware incidents
- Education: ransomware made up 70% of malware attacks
- Healthcare: 69% of malware incidents were ransomware
- Manufacturing: 42% of malware was ransomware
Public sector entities, schools, hospitals, and manufacturers seem to be favored targets of ransomware groups. These organizations often have aging IT infrastructure, lack updated security tools, and have sensitive data that is essential for operations. Attackers know that these entities will often pay ransoms to regain access quickly.
In addition to industry targeting, many ransomware gangs are increasingly using access brokers to gain initial entry into corporate networks. Access brokers specialize in stealing legitimate credentials that provide backend access to thousands of organizations. The access is then sold to cybercriminal groups to carry out further exploitation and data theft. This has amplified the ransomware risk for a huge array of businesses and agencies.
Most Common Ransomware Variants
While ransomware attacks have grown more frequent, much of the activity is driven by a small number of prolific ransomware groups deploying sophisticated variants. Here are some of the most common ransomware strains seen in recent attacks:
- Conti – An ultra aggressive ransomware-as-a-service operation and one of the most rampant variants in 2021.
- LockBit – First appeared in 2019 and reemerged in 2021 with ransomware-as-a-service for affiliates.
- PYSA – Distributed via compromised remote monitoring and management tools to target MSPs.
- Quantum – Exploits vulnerable VPN appliances as an intrusion vector.
- REvil – Infamous ransomware group behind high-profile supply chain attacks.
- Ryuk – Widely used for bespoke targeted attacks on large enterprises.
These sophisticated strains, and the organized cybercrime groups behind them, are responsible for many of the most damaging ransomware incidents. Their tactics, techniques and procedures (TTPs) are constantly evolving to maximize chances of infection and extraction of ransom payments.
Recent High-Profile Ransomware Attacks
Several large-scale ransomware attacks on critical infrastructure and enterprises made major headlines in 2021. These incidents illustrate the major threat ransomware poses:
- Colonial Pipeline – Top U.S. fuel pipeline shut down for days after ransomware attack
- JBS – World’s largest meat supplier hit with REvil ransomware attack
- Kaseya – MSP platform breached to distribute ransomware to customers
- Ireland’s Health Service – Healthcare appointments canceled due to Conti ransomware
- Acer – Taiwanese tech giant reports $50 million ransomware loss
High-stakes attacks like these demonstrate how ransomware can severely disrupt critical infrastructure and vital services. The spillover effects on the economy, public health, and national security are significant.
Costs and Consequences of Ransomware
Ransomware attacks impose a multitude of costs on victims beyond just the ransom payment itself:
- Downtime and lost productivity from paralyzed IT systems
- Diversion of staff resources to remediation and recovery
- Reputational harm and brand damage
- Forensic investigation and legal fees
- Notifications and protection services for breach victims
- Future expenses for security upgrades
For healthcare organizations hit with ransomware, lives may even be put at risk due to delays in patient treatment.
According to research from Cyberreason, the average total cost incurred from a ransomware attack is $4.62 million. This factors in all the associated costs beyond just the ransom. With the increasing scale and sophistication of attacks, total costs per incident are rising.
Ransomware Projections and Trends
Given the rapid growth of ransomware, experts project that threats and costs will continue escalating in the coming years:
- Cybersecurity Ventures predicts global ransomware costs will rise to $265 billion by 2031.
- The World Economic Forum warns ransomware may become the biggest cyber threat to society within 5 years.
- Chainalysis found ransomware revenue increased 79% in 2021 to over $602 million worth of cryptocurrency.
- Crowdstrike anticipates ransomware actors will increasingly target cloud environments and supply chains.
These forecasts paint a worrying picture of the ransomware landscape. More frequent, sophisticated attacks that erode data integrity and disable critical systems appear highly likely. as long as the rewards outweigh the risks for attackers, the scourge of ransomware seems poised to get worse before it gets better.
Government Responses to Ransomware
With the ransomware threat intensifying, governments are under pressure to curb the risk to public services, infrastructure, and the private sector. Some initiatives include:
- The U.S. Department of Justice established a Ransomware and Digital Extortion Task Force.
- The Biden administration signed an executive order to enhance cybersecurity standards for government contractors.
- The G7 committed to increased information sharing and law enforcement collaboration against ransomware.
- OFAC sanctioned a Russia-based virtual currency exchange for facilitating ransomware transactions.
While these are positive steps, experts warn that substantially reducing the ransomware threat will require a concerted long-term strategy and investments in areas like cyber workforce development, threat information sharing, critical infrastructure security, and diplomacy. There are no quick and easy fixes to the ransomware epidemic.
Recommendations for Reducing Your Risk
For organizations hoping to avoid being the next ransomware statistic, proactive defense measures are essential. Top strategies include:
- Implement robust firewalls, email filtering and endpoint detection.
- Deploy effective vulnerability management programs.
- Utilize multi-factor authentication across all systems.
- Train staff on secure internet and email use.
- Regularly backup critical data to disconnected media.
- Conduct cyber incident response exercises and planning.
Staying vigilant and building resilience against evolving attack methods can dramatically lower your ransomware risk. But no single product or action can completely eliminate vulnerability. Defense-in-depth and cyber readiness must become core organizational priorities in today’s threat landscape.
Should You Pay the Ransom?
For victims faced with losing access to essential systems and data, the question of whether to pay ransom demands becomes complex. There are several arguments against paying:
- No guarantee you’ll regain data access after payment.
- Appears to encourage further attacks when word spreads.
- Puts resources in attackers hands to fund future activities.
- May violate regulations around financing criminal entities.
However, the business reality is that for some victims, paying the ransom is viewed as the most cost-effective way to resume operations. But this should only be considered after a thorough examination of all options. Paying ransoms also does nothing to deter future attacks.
There are no easy choices for ransomware victims. Prevention remains far preferable to the quandary of whether to meet extortionist demands after an attack succeeds. Building cyber resilience across the economy is critical to stemming the ransomware tide.
Key Takeaways
– Ransomware attacks are sharply increasing each year, with 304 million global attacks in 2020 alone.
– North America saw the most attacks, but ransomware is a growing universal threat.
– Public sector, healthcare, education and manufacturing are highly targeted.
– A limited number of skilled ransomware groups drive most of the activity.
– High-profile attacks on critical infrastructure demonstrate the serious dangers.
– Projections point to ransomware getting more frequent and costly over time.
– While government interventions may help, private sector defenses and readiness are key to reducing risk.
– Paying ransoms frequently restores systems, but also emboldens attackers.
Conclusion
Ransomware remains one of the most severe cybercrime threats facing organizations today. As attackers become more sophisticated, attacks more targeted and disruptive, and costs continuing to mount, defeating ransomware requires urgent attention and concerted efforts to boost cyber resilience across public and private sector entities. Awareness of the scale and growth of ransomware is vital for policymakers, business leaders and technology professionals to inform defenses, resources allocation and cyber strategy. While ransomware may never be completely eradicated, its impacts can be dramatically reduced through intelligence sharing, best practices, law enforcement operations and robust security architectures. With vigilance and collective action focused on deterring and disrupting ransomware actors, the world can stem the tide of attacks and ensure essential services, critical infrastructure and vulnerable populations are insulated from harm. But there is no time to waste in rallying a strong, proactive response. The stakes could not be higher as ransomware poses a major risk to public safety, economic health, and national security around the globe.