37 Worrisome Ransomware Statistics

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Ransomware is a type of malicious software that infiltrates your device and renders the files unusable until a ransom is paid. Because it encrypts your data and prevents access to it, it is nearly impossible for organisations to decrypt and recover their files. Even when a ransom is paid, there is no guarantee that the encrypted files can be recovered in full. In fact, by paying the ransom, you’re more likely to be targeted for future attacks.

Aside from data loss and system damage, organisations attacked by ransomware are also at risk of reputational damage and disruption to normal operations, all of which can contribute to a decrease in revenue.

Ransomware statistics show that attacks are on the rise worldwide and aren’t showing any signs of slowing down. Want to find out how critical ransomware is in 2022? Let the numbers speak for themselves:

Author’s Top Picks

  • 80% of organisations experienced a ransomware attack in 2021.
  • A new world record was set in 2021 for the largest ransomware payout at a sum of $40 million.
  • In 2020, around $18 billion was paid globally in ransoms.
  • Two thirds of Australian organisations had experienced a ransomware attack in 2020.
  • It’s estimated that ransomware will cost organisations over $265 billion annually by 2031.

Ransomware Statistics

1. The average ransom amount was $1.25 million in 2020.

Ransomware payments have grown year on year, especially with the rise of attacks on businesses of all sizes. Attackers are constantly coming up with new methods that are more disruptive and damaging, with debilitating impacts on business operations.

2. Only 65% of data is recovered for organisations who pay the ransom.

Despite promises by ransomware attackers that data will be returned once payment has been made, this is often not the case. Attacker-provided decryptors often fail, and there’s no guarantee the stolen data hasn’t already been deleted or sold on the black market.

3. The total number of ransomware attacks in 2020 increased by 62% compared to the previous year.

The shift to remote work in 2020, exacerbated by the pandemic, gave attackers a golden opportunity for more aggressive and powerful attacks. Attackers exploit the fear and uncertainty of organisations navigating the new norm, when users are more likely to click on questionable links that can install ransomware on their devices.

4. 80% of organisations experienced a ransomware attack in 2021.

The low-risk, high-gain model of ransomware means attackers can send out phishing emails to a large number of organisations without many consequences. As long as a number of organisations continue paying the ransoms, attackers will have an incentive to develop more sophisticated ransomware to extort even greater funds.

5. The average downtime after a ransomware attack is 21 days.

A successful ransomware attack costs a business time, money, and energy to get back on its feet. Lost productivity, missed revenue opportunities, and damaged data are just some of the short-term ramifications of a ransomware attack.

6. 80% of organisations that paid a ransom experienced an attack shortly after.

Government bodies and cybersecurity experts all advise against paying a ransom, as this encourages the activity to continue and puts organisations at risk of future attacks. A prevention-first strategy is the key to minimising a ransomware attack.

7. Globally, a business will fall victim to ransomware every 11 seconds.

The huge volume of phishing emails that are sent out on a daily basis to target vulnerable businesses means successful attacks are growing in number.

8. There were 304 million ransomware attacks in 2020.

The rise in remote work has prompted attackers to take advantage of the uncertainty across the cyber landscape and exploit the security vulnerabilities that pertain to the home office.

9. Bitcoin accounts for 98% of ransomware payments.

Due to the anonymity of Bitcoin, cybercriminals can easily receive payment whilst keeping their identity hidden. Bitcoin’s accessibility and ease of use also increase the chance of victims paying the ransom.

10. 29% of companies were forced to remove jobs after a ransomware attack.

Ransomware attacks often stop companies that have no security measures in place in their tracks. A halt in operations results in lost revenue and work, which many organisations cannot afford. Employees are often laid off following a ransomware attack or, in some extreme cases, the entire company shuts down.

Major Ransomware Attacks on Businesses

11. A new world record was set in 2021 for the largest ransomware payout at a sum of $40 million.

One of the US’s biggest insurance companies – CNA Financial – experienced a ransomware attack that prevented it from accessing its core systems. The attackers asked for a $60 million ransom, which was later negotiated down to $40 million.

12. In 2021, the Australian Tax Office suffered a ransomware attack that compromised more than 42,000 accounts’ sensitive information.

Data such as tax file numbers, bank account details, remuneration, and superannuation were all stolen, and staff access to myGov was disabled.

13. Toyota was hit with a ransomware attack in 2022 which caused it to suspend operations across all its plants in Japan.

One of its suppliers – Kojima Industries – was hit with a ransomware attack that disrupted its computer service system. The temporary halt across all of Toyota’s domestic production lines impacted the production of approximately 13,000 vehicles.

14. Acer offered to pay hackers a $10 million ransom in 2021, which they declined.

Acer was hit by two ransomware attacks in 2021. The latter attack was claimed by the Russian REvil ransomware group which demanded a $50 million ransom. The stolen data was sent to reporters and posted on online forums.

15. A specialist cardiology department in Victoria fell victim to a ransomware attack in 2019 which compromised 15,000 patient files.

Patient details such as medical data and personal information were all held hostage by the attackers, with the department unable to access the data for approximately 3 weeks. The attackers asked for a Bitcoin ransom, which the department reportedly paid.

16. Dharma (RaaS) has extorted approximately $24 million from small to medium businesses since 2016.

Despite asking for much smaller ransoms ranging from $8000 to $10000, Dharma has carried out an enormous volume of attacks globally, which has made it one of the most successful ransomware-as-a-service (RaaS) operations ever created.

17. TeslaCrypt infected the files of high-profile games such as Call of Duty, Minecraft and World of Warcraft, with most ransoms ranging from $250 to $500.

However, in an odd twist of fate, TeslaCrypt released its master decryption key to its victims along with an apology note in May 2016.

18. Swissport was hit with a ransomware attack in 2022 that grounded planes and delayed flights at Zurich international airport.

22 flights were delayed as a result of the attack, with the cybercriminals stating that they were willing to sell all 1.6TB of stolen data to a potential buyer.

Global Ransomware Statistics

19. The US was the number one country with the most ransomware attacks in 2021.

Ransomware attacks are more common in countries with larger internet-connected populations. Tensions between the US and Russia are also thought to have influenced the boom, amid beliefs that Russia is the main mastermind behind the ransomware attacks.

20. In 2020, around $18 billion was paid globally in ransoms.

With more than 50% of victims paying the ransom and an increase of 80% in ransom demands, it’s no surprise that both businesses and home users have contributed to the billion-dollar industry.

21. The average ransomware breach cost $4.62 million worldwide in 2021.

As remote work was in full swing in 2021, the cost of a ransomware data breach reached an all time high. Remote workforces took longer to contain breaches with an average of 58 days to identify the attack.

22. It’s estimated that globally there is a ransomware attack on businesses every 11 seconds.

Ransomware variants are on the rise, making it the fastest-growing form of cybercrime. There have been exponential year-on-year increases in ransomware attacks, so it’s vital that organisations have countermeasures in place to prevent them and limit their impact.

23. Australia ranks number one within the Asia Pacific for the highest number of ransomware attacks.

Australia ranks 7th globally in terms of most ransomware attacks with the commercial and professional services sector receiving 37% of all attacks.

24. Ransomware attacks increased by 35% in Australia from 2020 to 2021.

With RaaS on the rise, it’s become even easier for cybercriminals to deploy ransomware to vulnerable organisations. Australian businesses are advised to invest in both employee security training and defence mechanisms to minimise their chances of falling victim to ransomware.

25. Two thirds of Australian organisations had experienced a ransomware attack in 2020.

Australian companies received 10% more ransomware attacks than the global average in 2020 with approximately a third of the victims paying the ransom. This has resulted in an average cost of $1.25 million for each data breach.

26. According to research by NordLocker, the top 5 countries attacked by ransomware are US, UK, Canada, France and Germany.

Between 2020 and 2021, the United States received 732 ransomware attacks which accounted for 76% of the top 5 countries’ attacks.

Ransomware Attacks by Industry Statistics

27. The manufacturing industry accounted for 30% of ransomware attacks.

Factories often use a variety of specialised equipment and software to manufacture items, which gives attackers a wide attack surface to target. Not all of the vast number of computer systems in place are well protected against the evolving tactics used by ransomware attackers.

28. The average cost of a ransomware attack on higher education institutions in 2020 was $447,000.

The shift to remote learning as a result of Covid-19 has caused universities to embrace new technologies and teaching methods that they’re not traditionally accustomed to. The variety of apps, devices, and portals used has significantly increased universities’ vulnerability to a number of cybersecurity risks such as ransomware.

29. 90% of financial institutions suffered a ransomware attack in 2021.

The sensitive information that financial institutions gather on their customers, partners, and the financial market makes them the ideal target for ransomware attackers. Double extortion techniques such as threatening to release the data to the public can result in greater ransom payments, as the subsequent negative consequences for the financial institution are enormous.

30. Only 38% of government workers have had proper ransomware prevention training.

Emerging cyberattacks on government bodies mean they must be better prepared for ransomware disasters by providing training to all staff members and allocating specific budgets for these situations. Stagnant growth in ransomware training can lead to increased attacks with more damaging effects.

31. The local government and utilities sectors are more likely to pay ransoms.

As these two industries provide valuable services to society, they also have a higher propensity to pay the ransom to protect the encrypted data and restore essential services to normal operations.

32. Although all sectors are targeted by ransomware attacks, more than 50% of attacks are aimed at the banking, utilities and retail sectors.

Because these industries provide important services to people and society, they’re more likely to pay the ransom to attackers when those services cannot be accessed.

33. There were 25 ransomware attacks globally on the healthcare industry in the first quarter of 2021.

Attacks on the healthcare industry can be quite detrimental, as the systems are inaccessible until the ransom is paid, which means many patients’ lives are often on the line as they cannot receive the help they need.

34. In 2020, a woman died due to a ransomware attack on a hospital in Germany.

As the emergency department of the hospital was closed due to the ransomware incident, the woman was redirected to another hospital for treatment. However, as the hospital was a substantial distance away, she didn’t receive the right treatment until an hour later. Her death serves as the first ransomware-related fatality.

35. It’s estimated that ransomware will cost organisations over $265 billion annually by 2031.

The exponential growth and evolution of ransomware in the past 5 years has led to a new breed of malware that is more challenging and damaging than its predecessors. Predictions for the future are that security awareness training is more important than ever, as human-generated risk is the main factor in infection mechanisms.

36. There are predictions that a ransomware attack will take place every 2 seconds by 2031.

Cybersecurity Ventures predicts that attackers will refine ransomware to the point where a new attack will take place globally every couple of seconds. The year on year growth of ransomware attacks means organisations should be prepared for a large jump in the coming years.

37. Gartner estimates that by 2025, 30% of national states will pass legislation to regulate ransomware payments, costs and negotiations.

The US has already declared the payment of ransomware to be illegal in 2021, as it creates additional motive for perpetrators to continue cyberattacks. Other countries are also expected to crack down on ransomware payments in a bid to curb the exponential growth in attacks.


The most common way ransomware infects computers is via phishing emails that contain malicious attachments or links. By clicking on the link or attachment, the user unknowingly downloads and installs the ransomware, which then begins encrypting files.

Ransomware can be removed from your device through deletion of the malicious files; however, your files will remain encrypted. By disconnecting from the internet and wiping the infected device, you should be able to remove all ransomware. The best way to recover all the encrypted files is still through an offline backup.

Whilst there’s no method to completely protect your organisation against ransomware, the best defence is prevention and being prepared. Security hygiene and basic training can significantly reduce the chances of employees unknowingly clicking on or installing compromised software. Multilayer security controls that use firewalls, antivirus programs, and multi-factor authentication can also provide your organisation with additional opportunities to identify the ransomware and stop it before harm is dealt.

Once your data has been encrypted with ransomware, it’s unlikely you’ll be able to recover it in full. Even if a ransom is paid, the data returned is often corrupted or damaged. The best approach to recovering data is through an offline backup which does not contain the ransomware that is infecting your current system.

Antivirus programs can only identify and detect ransomware that is within their database. Until the program is updated by its developers, users can still be vulnerable to new ransomware. However, antivirus programs cannot do much once a user has clicked and installed the ransomware.

The most common sign of a ransomware infection is the appearance of a popup message requesting payment to unlock files and systems. Other indications include unusual file extensions, inability to access your device, files moved from their original locations, and the need for a password to access your files.
