Ransomware is the type of malware or malicious software designed to lock the user or organization out of their computer and network or deny access to their files.

Once it infects the user’s computer, attackers demand to pay a ransom to decrypt the user’s data or unlock the device.

Based on the latest reports, there were more victims of ransomware attacks that were requested to pay a ransom in 2021.

46% of affected organizations paid the ransom, while 26% paid the ransom and restored encrypted data through backups.

The Average Cost of a Ransomware Attack in 2023

A malware attack that encrypts the victim’s information and data is called ransomware since the attackers demand ransom to regain the victim’s access to their data and device.

According to the 2022 report of the State of Ransomware, 11% of businesses and organizations paid ransoms of at least $1 million in 2021.

It is up by 7% from the previous year. While 21% paid less than $10,000 in 2021, down from 34% the previous year.

Attackers demand a ransom of $10,000 to millions of dollars, and the highest ransom demanded was approximately $70 million.

In many cases, they demand 3% of the company’s annual revenue.

The research found that 66% of surveyed organizations and businesses became victims of ransomware attacks in 2021.

The average ransom demand from a ransomware attack they paid is around $570,000 to $812,360.

The average cost of ransomware attacks in 2021 was $5.8 million, representing a $3 million increase from the prior year.

90% of the attacked organizations were unable to operate well, and 86% of the attacked private sector lost a large amount of revenue.

The study shows that the average cost to recuperate from the ransomware attack was around $1.4 million in 2021.

Average Ransom Payments

The average ransom payment in Q2 2021 was $136,576, down by 38% from the previous quarter.

The decrease was due to the different ransomware-as-a-service brands growing rapidly.

Here are the average ransom payments from Q1 2020 to Q2 2021:

• In Q1 2020, the average ransom payment was around $110,000
• In Q2 2020, the average ransom payment was around $165,000
• In Q3 2020, the average ransom payment was around $235,000
• In Q4 2020, the average ransom payment was around $150,000
• In Q1 2021, the average ransom payment was around $188,000
• In Q2 2021, the average ransom payment was around $136,000

Types of Most Reported Ransomware

Many businesses are threatened by ransomware attacks since more types of ransomware appear and are reported.

The most reported type of ransomware attack in Q1 2021 was Sodinokibi (REvil), which accounts for more than 14%.

Here are the most reported types of ransomware in Q1 2021, according to the Coveware Ransomware report:

1. Sodinokibi (REvil) accounts for a 14.2% market share of the ransomware attacks in Q1 2021
2. Conti V2 accounts for a 10.2% market share of the ransomware attacks in Q1 2021
3. Lockbit accounts for a 7.5% market share of the ransomware attacks in Q1 2021
4. Clop accounts for a 7.1% market share of the ransomware attacks in Q1 2021
5. Egregor accounts for a 5.3% market share of the ransomware attacks in Q1 2021
6. Avaddon accounts for a 4.4% market share of the ransomware attacks in Q1 2021
7. Ryuk accounts for a 4.0% market share of the ransomware attacks in Q1 2021
8. Darkside accounts for a 3.5% market share of the ransomware attacks in Q1 2021
9. Suncrypt accounts for a 3.1% market share of the ransomware attacks in Q1 2021
10. Netwalker accounts for a 3.1% market share of the ransomware attacks in Q1 2021
11. Phobos accounts for a 2.7% market share of the ransomware attacks in Q1 2021

Real-Life Ransomware Attacks

Based on research, 576 organizations in the United States became victims of ransomware attacks in 2021.

It affects over 34.14 million records costing the country $159.4 billion in downtime.

Below are some of the real-life ransomware attacks, according to Check Point Research:

• Financial Services – attacked by REvil on December 2019. The ransom payment was $2.3 million and other losses were worth $23.7 million
• US County Government – attacked by DoppelPaymer on September 2020. The ransom payment was $500,000 and remediation and response worth $404,000
• Insurance Agents, and Brokers – attacked by CryptoLocker on March 2021. The ransom payment was $40 million and other losses were worth $60 million

Most Common Targets of Ransomware Attacks

The most common targets of ransomware attacks in 2021 were retail organizations and education institutions.

The transport and distribution sectors were the most capable and prepared to stop attacks. 

Here are the most common targets of ransomware attacks in 2021:

• 44% of retail organizations experienced ransomware attacks in 2021
• 44% of education institutions experienced ransomware attacks in 2021
• 42% of the business sectors experienced ransomware attacks in 2021
• 40% of central government experienced ransomware attacks in 2021

Countries Affected by Ransomware Attacks

According to a February 2022 survey, 66% of organizations around the world became victims of ransomware attacks.

Austria has the highest share of organizations hit by ransomware attacks worldwide.

More than 80% of organizations in Austria and Australia experienced ransomware attacks in 2020.

Let’s take a look at the list of countries affected by ransomware attacks as of February 2022:

• 84% of organizations in Austria were affected by ransomware attacks as of February 2022
• 80% of organizations in Australia were affected by ransomware attacks as of February 2022
• 79% of organizations in Malaysia were affected by ransomware attacks as of February 2022
• 78% of organizations in India were affected by ransomware attacks as of February 2022
• 77% of organizations in the Czech Republic were affected by ransomware attacks as of February 2022
• 77% of organizations in Poland were affected by ransomware attacks as of February 2022
• 76% of organizations in Hungary were affected by ransomware attacks as of February 2022
• 75% of organizations in Belgium were affected by ransomware attacks as of February 2022
• 74% of organizations in Mexico were affected by ransomware attacks as of February 2022
• 73% of organizations in France were affected by ransomware attacks as of February 2022

What Victims Did After a Ransomware Attack?

Most of the companies, businesses, and organizations that became victims of ransomware attacks took back their data by using backups.

Other victims choose to pay the ransom to regain their data.

Below is the list of what victims did after the ransomware attacks:

• 57% of companies, businesses, and organizations attacked did the backup recovery
• 32% of companies, businesses, and organizations attacked paid the ransom
• 8% of companies, businesses, and organizations attacked used other recovery 
• 3% of companies, businesses, and organizations attacked did not recover their data

Conclusion

Ransomware attacks grew in number, got costlier, and became more sophisticated than the previous years.

It brings a high cost for attacked organizations and other victims. According to IBM’s report, ransomware’s share grew by 41% and lasts up to 49 days to identify.

Ransoms often a small part of the total cost of ransomware. The average cost of a destructive ransomware attack is approximately $5.12 million.

Sources