Ransomware Statistics

15+ Ransomware Statistics 2024: Key Facts & Data

Published on: April 28, 2023
Last Updated: April 28, 2023

15+ Ransomware Statistics 2024: Key Facts & Data

Published on: April 28, 2023
Last Updated: April 28, 2023

Ransomware is often mistaken for a computer virus, but it’s different from a virus, it’s more malicious.

Ransomware is a type of malware (malicious software) developed to refuse organizational or user access to their own files.

In the following, we will discuss ransomware statistics for 2024.

What happens when there is a ransomware attack? Nefarious dealings are associated with ransomware.

The ransomware sender/offender disguises and attaches harmful malware to an email via zip file.

These files seem legitimate to the receiver, so they open the file, which is usually a Word or PDF which contains malicious scripting.

Once someone or a person within an organization opens the file(s), the company or user’s files are locked and encrypted, removing access to users who normally have access.

Until the sender gets whatever “ransom” they are demanding, the files remain inaccessible. 

Ransomware is used as one of the most efficient and effective ways to attack organizations’ individual users or whole infrastructures.

There are four types of ransomwares used to achieve their nefarious goals. 

The two primary and most-used types of ransomwares are “locker” and “crypt”.

The other two, “double extortion” and “RaaS” ransomware have started to become popular among malicious hackers.

Before we discuss more about these types of ransomwares, we will address several statistics you need to know about in 2024. 

Resource Contents show

Key Ransomware Statistics

  • In 2020, over half of businesses said they experienced a ransomware attack.
  • The average downtime cost incurred per ransomware attack came to over $238,000 in 2020. 
  • Ransomware attacks occur every 11 seconds.
  • In 2021, the worldwide cost of ransomware was $20 billion.
  • The predicted cost of future ransomware attacks is $265 billion by 2031.
  • The cost for recovering in the aftermath of a ransomware attack was $1.85 million in 2021.
  • Ransomware attacks most often occur in India.
  • Most ransomware attacks come from Russia, Iran, China, and North Korea.
  •  In 2021, 54% of reported ransomware attacks were considered successful. 

Detailed Ransomware Statistics in 2024 – The Monetary Cost


The following statistics will reveal that ransomware attacks are on the rise and growing, both in frequency and size.

They are designed to create threats among global businesses. 

One of the best ways to protect yourself and your business is to know trends, facts, and statistics about ransomware attacks.

This data will help you better pick your training, protective programs, and other helpful methods of preventing ransomware attacks. 

Let’s get started.

1. In 2020, 0ver Half of Businesses Surveyed Said They Experienced a Ransomware Attack.

While larger companies represent the most risk for ransomware attacks, medium to small businesses can also experience attacks.

In 2020, 51% of businesses that were surveyed said they experienced ransomware attacks. 

Cases of ransomware attacks took a dip to 37% in 2021, which is how many organizations claimed to get hit by ransomware.

Lest we forget, the threat remains going into 2023.

Any organization with a computer system is at risk for various forms of malware and virus attacks.

Individuals represent a lower risk group, but anyone who uses a computer does do so at some level of risk.


2. The Average Downtime Cost Incurred per Ransomware Attack Came to Over $238,000 in 2020. 

In 2019, the average cost of ransomware attacks was around $141,000. That makes the $238,000 average costs from a single ransomware attack roughly twice the 2019’s figure. 

Downtime costs include factors like reduced efficiency and production, which cost these companies money.

Organizations cannot afford to lose operating time.


3. In 2021, the Worldwide Cost of Ransomware Accounted for $20 Billion.

Another figure that nearly doubled between 2019 and 2021 so the global costs to businesses.

In 2019, ransomware criminals took $11.5 billion in ransom for locking company files and holding them for ransom.

By 2021, that amount rose to $20 billion, which is almost twice the 2019 amount. In just the first six months of 2021, 


4. The Predicted Cost of Future Ransomware Attacks Is $265 Billion by 2031.

Unfortunately, the future of ransomware doesn’t look good for organizations. The costs are expected to reach $265 billion within less than 10 years.

This figure is produced on the rate of current growth of ransomware attacks. 

If $265 billion in damages occurs, how will that affect modern businesses? We make thing that 10 years is a long time, but it’s not. 

(Cybersecurity Ventures)

5. 94% of Businesses Covered by Cybercrime Insurance Obtain Reimbursement for Ransom Payments.

If an organization is covered by cybercrime insurance coverage, they may not need to produce the full amount to the ransomware attackers, which also means they don’t have to eat those costs. 

That said, it’s important to read your policy to make sure your company is covered specifically for ransomware attacks.

Fortunately, 94% of organizations that are covered commonly get reimbursed for ransom payments from their insurance provider. 


6. The Cost for Recovering in The Aftermath of A Ransomware Attack Accounted for $1.85 Million in 2021.

We often talk about the financial costs of ransomware, but we speak out less about the recovery costs that include problems beyond money.

Ransomware attacks can be at least problematic for an organization regardless of the business’ size. 

The costs incurred include downtime, removal of ransomware, lost opportunities, and recovery costs that add up fast.

The 2021 figure of $1.85 million for recovery in the wake of ransomware is double from 2020.


General Ransomware Statistics


In this section, we’ll address the general ransomware statistics you need to know for 2023.

7. Ransomware Attacks Most Often Occur in India.

India tends to have the highest rate of ransomware attacks, according to statistics from 2020, at 8%.

Austria is second, at 57%, and the United States experiences ransomware attacks at 51%.

Since only the high-profile incidences are tracked, India has the highest rate of attacks.

Also, businesses don’t always report ransomware attacks, which means we cannot be 100% accurate about how many attacks occur.


8. Ransomware Attacks Occur Every 11 Seconds.

In 2021, the statistics showed that a ransomware attack happened every 21 seconds. In 2019, that number was every 14 seconds.

So, it’s no longer about how many ransomware attacks occur each day. It’s about how many occur in seconds. 

The scary fact is that ransomware and most all cybercrimes are no longer measured by how many happen, but how many per second.

That’s the terrifying issue we all face today.

(Cybersecurity Ventures)

9. Most Ransomware Attacks Come from Russia, Iran, China, and North Korea.

It’s important to know that ransomware isn’t usually spread by a single person, but groups of people seeking to do harm.

Most ransomware comes from Russia, China, Iran, and North Korea groups targeting the United States.

The goal of ransomware is to extort money from organizations, usually targeted companies by these offending “hackers”, or cyber criminals.

Their roles include the ransomware development, deployment, management, and collection of funds. 

Overall, ransomware attacks are highly organized.

(2021 Microsoft Digital Defense Report)

10. In 2021, 54% of Reported Ransomware Attacks Were Considered Successful. 

The reason more than half is so successful is not only due to the highly organized way they are carried out, but also the lack of knowledge within organizations about best practices to avoid it.

These criminal operators are becoming better at developing, deploying, and being covert with their malware.

The failure to examine and patch vulnerabilities within a company’s system helps them be more successful.

(Sophos, Guidepoint)

11. Statistics Show that 55% of Small Businesses with Fewer than One Hundred Employees Are Hit by Ransomware.

Most small businesses like mom-and-pop stores aren’t on the radar of ransomware criminals.

However, 55% of small businesses with fewer than one hundred employees are hit by ransomware.

Another 75% of companies that have less than $50 million in revenue are hit by ransomware attacks.

These may be considered medium-sized businesses, but they are still susceptible. 


12. The Retail, Banking, and Utilities Industries Are the Most Attacked by Ransomware

More than 50% of all ransomware attacks target banking, retail, and utility companies. The next industry that gets hit with ransomware is the educational sector.

That said, all industries are susceptible to ransomware. 

Ransomware attacks on utility companies impacts people and businesses that use utilities. If the utility company cannot access their files, they cannot provide services ot  their customers. 

Likewise, retailers are hit and are confined to accepting cash-only until they can recover access to their encrypted files under ransom.

Some retailers have even been forced to close until the issue gets resolved. The retail industry is at 44% of ransomware attacks, according to 2021 statistics. 

Any industry that services customers and gets attacked by ransomware holds everyone hostage until the issue is resolved. It’s not a victimless crime. 


13. Local Government Entities Are the Most Vulnerable to Ransomware, at 69%.

You would expect any government agency, local, state, or federal, would be well-protected from cybercrimes.

However, local government entities are not well prepared for ransomware.

On the other side of this coin, the transportation and distribution sectors are the most secure and well-prepared to stop a ransomware attack.

In fact, these industries are known to have stopped 48% of ransomware attacks. 


14. Email Attachments Are the Most Common Type of Ransomware Attacks.

Ransomware criminals make efficient and effective use of phishing emails where they can attach malicious files.

Even though most people today should know not to click on an .EXE file without running it through an antivirus and malware program.

Still, this happens, so malicious files get spread across the network of a business, leaving them without access to their files until they pay the ransom.

The most used file extensions include the Doc and Dot extensions. Both are Microsoft Word extensions. 


15. Ransomware Attacks Require Less than Four Hours to Infiltrate the Targeted Organization’s System.

Did you know that when a company is targeted by a ransomware group it takes less than four hours for them to infiltrate the company’s files?

The quickest malware can overtake a company’s full file system in less than 45 minutes. 

As technology grows, ransomware is likely to evolve and become faster and more efficient than it is today.

Even as antivirus companies develop and deliver updates and better malware and virus protection programs, ransomware and cyber criminals are keeping track.


16. The Real-World Ramifications of Ransomware Attacks Go Beyond Monetary Impact.


As mentioned in another section, ransomware isn’t solely about the monetary damage it causes.

In 2019, the healthcare industry had to temporarily shut down due to ransomware attacks in the United States alone. 

Likewise, 1,233 universities and 113 government entities were impacted enough to be shut down in 2019.

Individuals and businesses that rely on these entities for services suffer enough to cause real-world fatalities. 



Should an Organization Always Pay the Ransom in A Ransomware Attack?

Surprisingly, for companies who paid the ransom to regain access to their company files spent $1,450,000 in 2020.

On the other hand, those who didn’t pay spent less, at $732,000, recovering their files without paying the ransom.

We cannot answer whether you should pay or not pay the ransom since this is dependent upon the total effect on the lack of access to their files. 

How Does Ransomware Spread?

Phishing emails are the most common type of ransomware spread through an organization.

However, weakness in servers and software vulnerabilities are also ways this malicious software is spread.

Can You Protect Yourself from Ransomware?

The short answer is yes. You can protect yourself from ransomware. However, nothing is 100% effective.

You need to be proactive and have a proper antivirus and malware prevention program installed on your system.

Here are three tips to help you protect your system from ransomware attacks. 

1. Always back up your data: Even cloud storage is susceptible to ransomware, so you must consistently backup your drive using a physical backup option like an external hard drive, portable drive, or DVD.

Also, you need to back up your system and then disconnect the backup drive to keep it protected.

2. Maintain your computer well: It’s imperative to practice good cyber hygiene by making sure your OS and all applications are updated and patched regularly.

Change your passwords regularly and use strong passwords.

Also, be sure to hover over any links before you click so that you know the end destination of links.

3. Install antivirus software: We cannot stress this enough. Always use antivirus software and keep it updated.

Antivirus programs should be able to block phishing sites and other malware destination links.

While it’s believed a free version of antivirus is sufficient, remember that you get what you pay for when you get things for free.


The ransomware statistics for 2024 presented in this guide highlight the severity of this ongoing threat.

With the frequency and sophistication of attacks continuing to increase, it’s more important than ever to take proactive measures to protect your systems and data.

By following the best practices outlined in this guide, you can help reduce your risk of falling victim to a ransomware attack and minimize the potential damage if one does occur.


2021 Microsoft Digital Defense ReportBlackfrogCoveware
Cybersecurity VenturesDataProtEmsisoft

Stay on top of the latest technology trends — delivered directly to your inbox, free!

Subscription Form Posts

Don't worry, we don't spam

Written by Trevor Cooke

Trevor Cooke is an accomplished technology writer with a particular focus on privacy and security. He specializes in topics such as VPNs, encryption, and online anonymity. His articles have been published in a variety of respected technology publications, and he is known for his ability to explain complex technical concepts in a clear and accessible manner.