Ransomware - statistics & facts
With the potential to significantly disrupt business operations and cause reputational and financial damage, ransomware remains one of the most persistent cyber threats worldwide. This type of malware encrypts files containing sensitive information, demanding ransom payments in return.
Ransomware can be very costly and cause significant damage to the organizations. Given time, it only becomes more serious and sophisticated. In which case, the automated systems are needed to provide direct and constant protection, especially to the most critical industries. Specialists working in IT security know this very well, but are often not provided with the necessary resources.
Ransomware encounters
The nature of ransomware attacks varies, depending on the kind of organization and the attack intention. Often, the motivation for a ransomware attack is financial gain, and sometimes, the main goal is to disrupt operations that cause downtime and reputational harm. Some threat actors deploy various other attacks alongside ransomware, such as distributed denial of service (DDoS), to create additional pressure on the victim. In 2023, roughly seven in 10 of the worldwide reported cyberattacks were ransomware attacks, with more than 317 million attempts recorded. The highest share of companies targeted by ransomware attacks were in France and South Africa.Leading ransomware groups
In the United States, certain ransomware variants are gaining prominence. Some of them have been around for a long time, and some appeared only recently. In the second quarter of 2023, Akira and BlackCat were the leading ransomware variants, with a combined 27 percent market share. In 2023, Magniber Trojan topped the list of the most encountered ransomware Trojans, with over 17 percent of encounters.Targeted industries
Ransomware attacks usually target institutions and organizations that are mission-critical, such as healthcare, finance, manufacturing, and government organizations. Often, these organizations give up and pay the ransom, fearing high causalities. This, in itself, is a serious issue, confirming to threat actors the profitability of cybercrime. Industrial ransomware is one of the most common concerns for critical infrastructure. As manufacturing includes various kinds of production, such as metal products, automotive, and industrial equipment, it is also a highly targeted sector by ransomware. Financial institutions are also targeted quite often. In this case, the attackers still intend to steal money and a huge amount of sensitive user data. In 2023, of 3,348 cyber incidents were detected in financial institutions worldwide, 1,115 caused leakage of sensitive data.The average amount of ransom payments increased
Between 2022 and 2023, the amount of money received by ransomware actors worldwide saw a huge spike, from 457 million U.S. dollars to 1.1 billion U.S. dollars. In the fourth quarter of 2023, 29 percent of ransomware attacks in worldwide organizations resulted in a ransom payment, down from 41 percent in the previous quarter. Despite this, the average amount of ransom paid decreased significantly during the measured period from over 850,000 U.S. dollars to 569,000.The beginning of the “ransomware epidemic”
In May 2017, computers using the Microsoft Windows operating system were targeted by the WannaCry ransomware attack. Attackers used the EternalBlue exploit, developed by the United States National Security Agency (NSA). The attack spread fast, infecting around 300,000 computers. The investigation found that a significant part of the attack was spread because of the uninstalled patches released by Microsoft. The attack was stopped a few hours after the launch and became what security experts call “the beginning of a ransomware epidemic.”Ransomware can be very costly and cause significant damage to the organizations. Given time, it only becomes more serious and sophisticated. In which case, the automated systems are needed to provide direct and constant protection, especially to the most critical industries. Specialists working in IT security know this very well, but are often not provided with the necessary resources.
