8 Ransomware Statistics That Will Impact How IT Professionals Make Decisions

JULY 28TH, 2020

Once upon a time, ransomware was an infosec buzzword, uttered infrequently but with dread. Today, ransomware has reached mainstream recognition, and it is feared by millions of IT departments with good reason. The frequency of ransomware attacks has grown exponentially over the past few years, and there is no sign that it will slow any time soon. 

If you aren’t convinced that ransomware could potentially affect your organization and cause an expensive, embarrassing mess of your data and business systems, consider these statistics that all IT professionals need to know about ransomware protection.

Common Ransomware Entry Points

Ransomware attackers are literally banking on the fact that enterprise network users aren’t paying close attention to what they click. 

The majority of ransomware is introduced through phishing. In 67 percent of ransomware attacks, a user was tricked into clicking a malicious link in an email or opening an infected attachment. In 16 percent of cases, the malware was introduced when a network user visited a malicious website or was served malvertising.

Almost a third (30 percent) of reported attacks occurred through brute force efforts targeting weak passwords or poor access management processes. 
Frequency of Ransomware Attacks on Businesses

Ransomware is on the rise, and city governments and businesses are highly desirable targets. In 2019, 966 U.S. government agencies, educational establishments, and healthcare providers were impacted by ransomware. And the numbers continue to rise.

Ransomware reports increased by 25 percent in Q1 2020 compared to Q4 2019. Q2 is off to a strong start as well, with recent attacks including the city of Knoxville, Tenn., which was hit by ransomware in early June. 

Experts predict that by 2021, a business will be hit by a ransomware attack every 11 seconds, which is a significant increase from 2015’s average of every 40 seconds.

Industries Most Affected by Ransomware

With high-value patient data on the line, ransomware targets the healthcare industry fairly heavily. It is likely that these attacks will become even more frequent as we grapple with the fallout from COVID-19. Staffing changes, widespread uncertainty, and sustained high levels of stress mean more distracted system users, which gives malicious actors more opportunities to gain entry.

Ransomware attackers tend to focus their efforts where they are likely to get paid. This tactic makes government networks a popular target (15 percent of U.S. attacks) because of their need to avoid the large-scale disruption that downtime creates for government operations. Manufacturing (14 percent) and construction services (13 percent) are also frequent ransomware victims due to the potential for high-dollar losses if services are interrupted. 

Average Cost of Ransomware

In 2019, multinational manufacturers and U.S. city and county governments spent $176 million on costs related to ransomware attacks, including investigating the attack, rebuilding networks, restoring backups, paying ransom to hackers, and implementing preventative measures against future attacks.

But the United States isn’t alone in its expensive battle against this type of malware. In early June, Honda confirmed that a suspected ransomware attack was preventing company employees around the world from accessing computer servers and using email and other internal systems. 

According to Cybersecurity Ventures, the latest prediction is that global ransomware damage costs will reach $20 billion by 2021—that’s 57 times more than the costs in 2015. 

Average Cost of Ransom Payments

In Q1 2020, the average business ransomware payout was $111,605 (an increase of 33 percent from Q4 2019). However, this number is skewed high because it includes exceptionally large ransom payments. The median ransom payment is closer to $44,000, which is still a significant hit to a company’s bottom line.

How Many Companies Pay the Ransom

Although security experts generally recommend companies should not pay the ransom, the reality is that sometimes paying is the most attractive of a company’s bad options. In 2019, 45 percent of companies paid the ransom their attackers demanded, up from 39 percent in 2018.

But what happens if you don’t pay the ransom? In what is being called “the gold standard” of ransomware responses, one Norwegian company decided to find out.

When global aluminum producer Norsk Hydro received its ransom note, 22,000 computers across 170 sites in 40 countries came to a screeching halt and 35,000 employees had to pick up pencil and paper to keep working the old-fashioned way.

It took many months and upwards of $56 million to recover, but Norsk Hydro didn’t give in to the attackers’ demands. The company’s honest, transparent approach to resolving what could have been a PR nightmare instead boosted its positive reputation with customers and stakeholders.

The Cost of Ransomware-Inflicted Downtime

Today’s users demand almost 100 percent availability. Anything less can significantly damage your business and your reputation. Business interruption is one of the biggest costs associated with a ransomware attack, and in Q1 2020, companies affected by ransomware experienced an average of 15 days of downtime. 

That number is down slightly from the previous quarter, but there are few organizations that can easily weather two weeks of lost business and productivity.

Disaster Recovery

In the event of a ransomware attack, a comprehensive disaster recovery plan could be the only thing standing between your company and disaster. Even paying the ransom is no guarantee you will be able to salvage your business-critical files, so backing up your systems regularly and storing those backups separately from the network is key to recovery.

Although we all know how important these backups are, Storage Magazine reports that more than 34 percent of companies do not test their backups. That’s a lot of data security being left to chance. 

When you factor in studies that show nearly 60 percent of consumers will likely avoid doing business with your organization if you experience a cyberattack this year, you really can’t afford not to have a solid ransomware protection plan in place before you need it.

If these ransomware statistics surprise you, it’s time to take a closer look at your cybersecurity strategy and start making adjustments. To help you get started, download Your Guide to a Ransomware-Free Future for tips and tools to protect your organization from today’s increasingly savvy ransomware threats.