By Blog

Ransomware statistics warn the cybercrime threat is constantly on the rise. Yet for many, even the terms ransomware and malware still remain something of a mystery.  

Simply put, ransomware most often denies someone access to their data. The attacker then promises to give it back upon payment.

Let’s have a look at some of the latest ransomware threats data we collected at The High Court and the financial results of the latest ransomware attacks over time.

Mind-Blowing Ransomware Statistics (Editor’s Picks)

  • There are over 6000 victims of ransomware every day. 
  • A ransomware attack happens every 14 seconds
  • The cost of ransomware attacks is estimated at $20 billion in 2020.
  • The most ransomware attacks, over 638 million, happened in 2016.
  • Nearly half of all ransoms are paid in Bitcoin. 
  • Up to 85% of attacks are directed at Windows users.
  • 25% of executives would pay over $20,000 to get their data back.
  • Government agencies are most often targets of ransomware, with 15.4% of all attacks.

General Ransomware Statistics

1. The first ransomware attack in history happened in 1989.

(Source: Digital Guardian)

According to Becker’s Hospital Review, ransomware history was created when the first recorded attack happened in 1989. It targeted the healthcare industry, which is still a favorite when it comes to choosing the victim. It wasn’t until 2005 that ransomware attacks became a massive threat, though.

2. There are over 6000 ransomware victims daily.

(Source: Purplesec)

Worldwide, a company will become a victim of a ransomware attack every 14 seconds, which means 6192 entities or individuals are attacked every single day. Let that sink in for a minute.

ransomware statistics

3. The total number of ransomware worldwide attacks from 2014 to 2019 is over 1.22 billion.

(Source: Statista)

Looking at ransomware statistics by year, 2016 was the year with the most ransomware attacks, over 638 million, followed by 2018, with over 204 million. The number in 2017 was 184, and ransomware attacks in 2019 counted 187 million cases. The years 2014 and 2015 had the lowest numbers, under 4 million each.

4. The cost of ransomware attacks is estimated at $20 billion in 2020. 

(Source: Purplesec)

The figure was $11.5 billion in 2019 and $8 billion in 2018, marking a drastic rise in the last couple of years.

5. Ransomeware incidents skyrocketed by 350% in 2018.

(Source: Purplesec)

Ransomware statistics for 2018 point out that this category had the fastest growth among all cybercrime types and methods. With such a mind-boggling increase, there’s no doubt ransomware is on the rise.

6. 90% of IT security professionals’ clients have been victims of a ransomware attack in the previous year. 

(Source: Purplesec)

Half of the 582 questioned security professionals respondents believe their organization isn’t ready to withstand and fight off a ransomware attack.

What’s more alarming: 

Up to 75% of the affected companies had up-to-date endpoint protection.

7. The average ransomware demand in 2018 was $1,077.

(Source: Purplesec)

10% of all individual ransom demands involve sums that go above $5,000. Companies paid $133,000 per ransom attack on average, including the ransom, downtime, and remediation.

The average ransom increased by a whopping 104% in Q4 2019. The sums involved ranged from $84,116 to $780,000 for large enterprises.

8. 25% of executives would pay over $20,000 to get their data back.

(Source: Purplesec)

How much are companies willing to pay in these cases?

Up to one-quarter of business executives said they’re ready to give anywhere between $20,000 and $50,000 to get all the encrypted data they lost in an attack. This is huge!

9. Almost 50% of all ransoms are paid in Bitcoin.

(Source: Purplesec)

Looking at ransomware payment methods, we can see almost half of all ransom is paid in Bitcoin. Other cryptocurrencies like Ethereum, Litecoin, and Dogecoin are used as well. 

10. The word “root” is attempted 12 times as often as the second top username guess by dictionary scripts.

(Source: Security Magazine)

In second place, there’s “admin,” which allows some access, while “root” opens up the entire computer.  The next most popular choices were “test,” “guest,” “info,” “adm,” “user,” “administrator,” and, finally, “oracle.” So, make sure you avoid these usernames!

11. Over 43% of password guess attempts are just reentering the username. 

(Source: Security Magazine)

Ransomware trends for 2020 teach us that the password that is a reentry of a username is the most dangerous practice. It’s followed by a username with a string of numbers as the least safe and yet extremely common option. 

12. Up to 85% of the attacks happen to Windows users.

(Source: Purplesec)

There’s a significant difference in the number of attacks that happen depending on the operating system. By far, Windows is the most targeted. Only 7% of attacks target MacOS, and 5% target Android. iOS stands out as the least affected, with only 3%, making iPhone ransomware somewhat rare compared to others.

13. 66% of ransomware attacks are CryptoLocker attacks, the most common type.

(Source: Purplesec)

According to cybersecurity facts and figures, the most common ransomware attacks are CryptoLocker types of ransomware attacks with about two-thirds of the cases. The following are WannaCry with 49%, CryptoWall 34%, Locky 24%, Petya 17%, CryptXXX 14%, and notPetya 12%.

14. 67% of ransomware is deployed by spam and phishing emails. 

(Source: Purplesec)

How is ransomware delivered?

Cyber crime statistics and trends show that spam and phishing is the most common way of deployment, with two-thirds of cases. Additionally, the lack of training in cybersecurity is responsible for 36% of the attacks, while poor access management and weak passwords lead to this in 30% of cases.


Bad user practice and just being naive is the cause in 25% of cases. Clicking on ads or malicious websites results in 16% of attacks, and another 16% is labeled as “other.”

15. 88% of Saudi Arabia-based companies were victims of ransomware attacks in 2019.

(Source: Purplesec)

Ransomware statistics for 2019 show the percentage of organizations that were the victims of a ransomware attack.  Most worldwide ransomware attack cases happened in Saudi Arabia, where 88% of organizations suffered an attack. 

Following are: 

  • Turkey 74%
  • China  69%
  • Spain 66%
  • South Africa 66%
  • Mexico 61%
  • Italy 58%
  • UK 57%
  • US 54%
  • Germany 51%
  • Canada 46%
  • France 44%
  • Australia 40%
  • Japan 38% 

16. The highest share of users attacked is in Thailand, 9.57%.

(Source: Purplesec)

The countries with the highest share of affected users on the global ransomware list after Thailand are:

  • UAE 8.67%
  • Iran 8.4%
  • Bangladesh 7.62%
  • Vietnam 6.17%
  • Saudi Arabia 5.45%
  • China 5.36%
  • India 4.28%
  • Algeria 3.59%
  • Turkey 3.22%

17. The highest ransom, $1 million, was paid by South Korean web-hosting company Nayana.

(Source: ITGovernance, BBC)

The highest ransom ever paid was by South Korean web-hosting firm Nayana in 2017, when it negotiated a $1 million ransom, down from a $4.4 million original demand. The company’s chief executive, Hwang Chilghong, acknowledged that there should be no negotiations with cybercriminals. As some data was permanently lost, the company offered the affected clients lifelong free hosting.

18. The city of Riviera Beach, Florida, paid a $600,000 ransom in 2019.

(Source: ITGovernance)

Second to the Nayana case, one of the biggest ransomware attacks occurred in Riviera Beach, Florida. City officials agreed to pay $600,000 when the city was hit by a wave of attacks and left paralyzed for three weeks. The successive payments amounted to $1.3 million, reaffirming that paying only causes more damage in the long term.

19. Government agencies are most often targets of ransomware, with 15.4% of all attacks

(Source: Purplesac)

Other industries targeted by ransomware in 2019 were:

  • Manufacturing 13.9%
  • Construction 13.2%
  • Utilities 11.1%
  • Professional services 10.4%
  • Retail 7.5%
  • Real estate 7.1%
  • Hospitality 6.1%
  • Healthcare 5.7%
  • Education 5%
  • Financial institutions 4.6%

Healthcare Ransomware Statistics 

20. 82% of healthcare organizations claim cybersecurity and data protection are very high on their priority list. 

(Source: Purplesec)

Ransomware statistics reveal healthcare facilities are among the most common targets. They have comprehensive databases of personal patient information, making them a good source for info later used for identity theft. This is why 69% of healthcare industry professionals believe to be at high risk when it comes to ransomware attacks, ransomware stats confirm.

They are very likely targets not only because of the abundance of personal data they store but because of the fact that they are, more so than others, willing to pay to recover their patients’ data.

21. 94% of healthcare providers report using advanced DLP software to protect their databases. 

(Source: Purplesec

However, only 16% of them say they have “fully functional” cybersecurity programs, and 43% are currently in the process of setting up one or don’t have one at all. 

22. Single patient health records are worth around $363 on the black market – the highest in all industries.

(Source: BBC, Purplesec

Given the high value, let’s have a look at some of the numbers related to healthcare breaches over the past years.

Here’s the scoop:

Universal Health Services, which provides healthcare for over 3.5 million people, was under attack from the Ryuk ransomware, which targeted 400 hospitals in the US and UK in 2020.

Ransomware statistics for 2020 recorded the first tragic stat when the Düsseldorf University Hospital ransomware attack indirectly lead to the first death as a result of the breach. A patient could not be tended to because of the crash the attack caused.

23. An average healthcare data breach can expose the data of around half a million people.

(Source: BBC, Purplesec

LifeBridge Health in Baltimore was the victim of the potential breach of 500,000 patients in 2018, with access dating all the way back to 2016

Health Management Concepts suffered a complete breach, with over 500,000 patients’ data in  2018. So did the CNO Financial Group, with over 566,000 of its policyholders and applicants compromised by access to data such as social security numbers, dates of birth, and insurance data.

It gets worse:

The data of over 1.4 million UnityPoint Health patients was compromised in 2018 in two separate attacks through phishing emails.

Finally, the target of the largest breach in 2018 was AccuDoc, a billing vendor, but the data was not extracted, just viewed.  

Small Business Ransomware Statistics

24. Up to 43% of cyber attacks are aimed at small businesses.

(Source: Purplesec)

While the biggest cyber attacks make the headlines, small businesses are also frequent targets.

In fact:

Over 47% of small businesses reported experiencing at least one ransomware attack in the previous years, while an alarming 44% of respondents had up to four. When it comes to malware statistics, the research shows 58% of targets are small businesses.

25. Over 70% of small businesses are not adequately equipped and ready to face cybercrime threats. 

(Source: Purplesec)

Up to 85% of small businesses report thinking about allocating more funds towards digital security and the use of managed security professional services. 66% say they are “very concerned” about their security. Additionally, up to 51% have no protection whatsoever.

Finally, three quarters report not having enough staff to handle this area.

26. Small businesses lost to cybercrime an average of $34,604 in 2018.

(Source: Purplesec)

What you need to pay attention to the most is email, as 4% of malware small businesses receive comes through email. Harmful emails are disguised as invoices in 7% of cases, 3% as email delivery failure notices, 4% as package delivery.

Last but not least: 

1.1% come in the form of legal messages, and 0.3% come as scanned documents.

27. Cyber security facts and figures reveal up to 60% of small businesses go down within six months of a cyber attack.

(Source: Purplesec)

The effect of a security breach on small companies is devastating. There’s not a price too high when it comes to prevention, as cyber facts reveal more than half of small businesses don’t recover from a cyberattack, especially a DDoS attack, quickly. The most concerning area is consumer info and records, followed by intellectual property and credit card information.

28. Web-based attacks are the most common with small businesses, as they happen in 49% of cases.

(Source: Purplesec)

The second most common type of attack targeting small companies as seen in phishing attacks statistics is phishing and social engineering at 43%. The next on the list are general malware at 35%, SQL injection at 26%, device issues at 25%, denial of services at 21%, advanced malware or zero-day attacks at 14%, malicious insider at 13%, cross-site scripting 11%, and ransomware at 2%.

[bctt tweet=”Up to 32% of small businesses tried phishing experiments to see how ready their staff is for ransomware phishing cyberthreats.” via=”no”]

29. SaaS and webmail services are the most targeted victims of phishing attacks in the online sector, with 34.7% in 2019.

(Source: Statista)

In Q2 2020, 18% of global phishing attacks targeted financial institutions, followed by payments with 11.8%.

30. $3.5 billion were lost in individual and company cyber attacks in 2019, FBI ransomware statistic reveals.

(Source: Forbes)

The FBI’s “2019 Internet Crime Report” states the total cost over that year was over $3.5 billion, with 467,361 registered complaints. For comparison, the total losses in 2015 were $1.1 billion.

In Conclusion 

Ransomware statistics indicate no one is safe when it comes to ransomware, small businesses or large enterprises alike. And the numbers are rising year after year. 

That being said:

The figures show people and companies are more than willing to pay staggering sums to get out of the immediate consequences of the attack. 

Bottom line:

While there is no easy ransomware fix, the best way to avoid loss is by investing in adequate protection software and becoming familiar with the safest practices. 


Q: How common is ransomware?

Ransomware is extremely common, with an attack happening every 14 seconds. Over 6000 entities are hit daily. In 2016, the number of ransomware attacked topped 638 million when ransomware detections were skyrocketing. Ryuk figures rose by a mind-blowing 543% in Q4 2018.

Q: What percentage of ransomware victims pay the ransom?

Anywhere from 40% to 58% of ransomware victims will pay the ransom. As the years go by, the number increases despite the fact that paying leads to additional ransomware costs and repeat attacks.

Q: How many ransomware attacks are there per day?

The computers used in a ransomware frequency study showed that they were usually attacked 2,244 times a day. According to Michel Cukier, Assistant Professor of Mechanical Engineering at Clark School’s Center for Risk and Reliability and Institute for Systems Research, hackers often gained access through password guessing.

Q: How often is a company hit by ransomware?

This largely depends on the industry, as healthcare and other keepers of big databases are the favored targets. A ransomware attack has already hit up to 90% of companies asking for assistance from IT professionals. Over 62% of businesses were the victims of attacks in 2018, which makes the odds of it happening to any company pretty high.

Q: Which type of device is the top target for ransomware?

According to the latest ransomware statistics, Windows devices are most prone to ransomware attacks, with up to 85% of all cases, followed by significantly lower rates on Mac, Android, and iOS devices. iPhones are quite safe from ransomware.


Leave a Comment

Your email address will not be published.

Sign in

Sign Up

Forgotten Password

Job Quick Search