Ransomware remains one of the biggest plagues on the internet.
But it does not have to happen to you. Instead, learn how you may be exposed, the possible financial impact, and other essential metrics.
Our editorial team has researched and vetted 85+ ransomware statistics by demography, industry, revenue, device, and more.
Top 8 Ransomware Statistics (Editor’s Pick)
- Australia is in the top five countries for ransomware attacks on mid-sized companies.
- Japan paid the highest average ransom in ransomware attacks affecting SMEs in 2021.
- Turkey paid the least average ransomware amount in 2021.
- Ransomware attacks in Asia increased by 4% from 2021 to 2022.
- Companies paying $10,000 or lesser ransoms have dropped since 2020.
- The average ransom payment for mid-sized brands in 2021 was over $810,000.
- 98% of attacked respondents with a ransomware insurance policy got their payouts.
- 30% of ransomware attacks in 2022 also impacted backup data.
Infographic

General Ransomware Statistics
1. 88% of ransomware attacks in 2021 tried to infect backup files.
This survey of 300 respondents from ransomware-infected organizations in the EMEA region revealed that 47% of company data was encrypted during the attack.
2. 27% of attacked organizations suffered just one ransomware attack in 2021.
35% of surveyed organizations reported suffering two ransomware attacks in the year, and 24% suffered three. The table below breaks down the percentage of organizations suffering different frequencies of ransomware attacks in 2021.
Number of Ransomware Attacks | Affected Companies |
---|---|
One | 27% |
Two | 35% |
Three | 24% |
Four | 9% |
Five | 4% |
Six and more | 1% |
3. Phishing methods accounted for 44% of ransomware attacks on affected organizations in 2021.
41% of respondents claimed they were infected via patches and software packages. In third place was a credential compromise (35%), followed by insider threat (32%) and zero-day vulnerabilities (26%). In only 1% of the ransomware attack cases could the organization not pinpoint the source.
4. 42% of successful ransomware attacks in 2021 targeted specific system types.
Only 20% of the attacks were specific system types or applications not targeted.
In another 38% of the attacks, the ransomware attackers were focused on distinctive platforms (such as Oracle).
5. In 2021, 32% of affected ransomware respondents restored their data to a sandbox environment.
Another 25% directly restored the data into their central systems but scanned for threats immediately. Yet another 31% used protected repositories to regain their data safely.
6. 5% of affected organizations restored their data to their systems without testing for cleanliness.
The 2022 report also shows that 7% of affected organizations restored and monitored the data closely.
7. Ransomware attacks hit over 1,000 organizations in the first half of 2021.
In comparison, 1,112 organizations were hit by ransomware attacks in 2020.
8. 72% of organizations not hit by ransomware have poor preventive measures.
57% of these mid-sized companies cited having backups as their reason for not expecting to be hit. This 2022 study also showed that 37% believed their cyber insurance to be the reason why they would not be hit by ransomware. None of these is true.

9. 65% of attacked organizations claimed to have more than sufficient IT and cybersecurity staff.
23% of the companies in this 2021 survey had the right staffing level.
10. Bigger organizations consider ransomware insurance more than smaller brands.
In 2021, 88% of companies with 3,000-5,000 employees subscribed to a ransomware insurance package. In contrast, 73% of companies with 100-250 staff strength also had similar cyber insurance.
11. Cobalt Strike was used in 33% of global ransomware campaigns in Q3 2022.
It also led in the US, accounting for 34% of ransomware attacks in the region.
However, it was only the third preferred (18%) nation-state ransomware tool, falling behind Mimikatz (24%) and PlugX (20%).
12. Ransomware declined globally from Q2 2021 till Q2 2022.
There were over 188.9 million recorded ransomware events in Q2 2021 alone, which has since fallen to about 106 million detected events in Q2 2022.
Quarter | Ransomware Events |
---|---|
Q2 2021 | 188,902,580 |
Q3 2021 | 185,062,480 |
Q4 2021 | 133,496,823 |
Q1 2022 | 129,460,192 |
Q2 2022 | 106,154,479 |
13. Ransomware attacks in H1 2022 exceeded the full-year totals in 2017, 2018, and 2019.
As of June 2022, there were already over 236 million ransomware incidents.
While this is lesser than 2020 (around 304.6 million) and 2021 (about 623.2 million) values, it is more than the figures in:
- 2017 – 183.6 million incidents.
- 2018 – 206.4 million incidents.
- 2019 – 187.9 million incidents.
14. As of 2021, ransomware impacted 1 in 4 breaches.
25% of all breaches in 2021 were linked to ransomware attacks, increasing by 13% from the previous year. Likewise, ransomware incident reports to the FBI increased by 109% between 2017-2021.
15. 52% of organizations in a 2021 study had a ransomware-attacked company in their supply chain.
However, only 47% of companies share information about a ransomware attack with their supply chain partners.
Ransomware Statistics by Demographics
16. The US suffered 54.9% of global ransomware attacks in H1 2021.
The top 10 targeted countries accounted for almost 85% of the total victims of these attacks.
17. 43% of Italian companies that had their data encrypted in a ransomware attack paid the ransom.
However, ransom payments are illegal in Italy.
18. India and Mexico are some of the largest regions, with companies getting 100% ransomware payout from insurance companies.
Of the surveyed respondents, 131 companies in Mexico and 218 companies from India claimed to get a payout ANY TIME they got hit by ransomware.
Other countries that also got a 100% payout, and their sample size in this study, can be found in the table below:
Country | Sample Size |
---|---|
India | 218 companies |
Mexico | 131 companies |
Singapore | 91 companies |
Poland | 75 companies |
Sweden | 68 companies |
Belgium | 66 companies |
Switzerland | 52 companies |
Turkey | 51 companies |
UAE | 49 companies |
19. Over 8 in 10 mid-sized Austrian companies were hit by ransomware in 2021.
One or more ransomware attacks had hit 84% of the surveyed 100 companies in the region in the year. This also represented the highest attack rate on mid-sized companies across 31 surveyed countries.
20. Over half of US and UK companies were hit by ransomware attacks in 2021.
Of the surveyed 500 companies in the US, 58% reported having been hit by ransomware in 2021. Conversely, 57% of 300 surveyed UK companies made the same claims.
21. Canadian companies suffered more ransomware attacks than US companies in 2021.
The Great White North took an unwelcome lead, with 59% of its mid-sized firms getting hit by ransomware. 58% of US companies were hit in the same timeframe.
22. Australia is in the top five countries for ransomware attacks on mid-sized companies.
80% of the surveyed 250 surveyed firms from the country got hit by at least one ransomware attack in 2021. The top five countries are included below, with their respective sample sizes and attack rates.
Country | Sample Size (Companies) | Attack Rate |
---|---|---|
Austria | 100 | 84% |
Australia | 250 | 80% |
Malaysia | 150 | 79% |
India | 300 | 78% |
Czech Republic/Poland | 100 | 77% |
23. Less than half of surveyed countries were attacked less than the global average in 2021.
While the global average ransomware attacks on SMEs globally was 66% in 2021, only 14 of the surveyed 31 countries dipped below average.
Country | Sample Size (Companies) | Attack Rate |
---|---|---|
Singapore | 150 | 65% |
Chile | 200 | 65% |
Columbia | 200 | 63% |
Japan | 300 | 61% |
Italy | 200 | 61% |
Switzerland | 100 | 60% |
Turkey | 100 | 60% |
UAE | 100 | 59% |
Canada | 200 | 59% |
United States | 500 | 58% |
United Kingdom | 300 | 57% |
Saudi Arabia | 100 | 56% |
Brazil | 200 | 55% |
South Africa | 200 | 51% |
24. Ransomware attacks in Saudi Arabia were the least likely to involve data encryption in 2021.
Only 38% of the ransomware attacks on Saudi Arabian SMEs across all sectors involved data encryption in 2021. That was better than South Africa (45%) and UAE (59%), among 30 other countries.
25. Indian ransomware attackers were the likeliest to encrypt company data in 2021.
80% of all ransomware attacks in India involved cases where the attackers successfully encrypted the company’s data. It was followed by the Czech Republic and Australia (79%) and Poland and Hungary (78%).
26. Japan paid the highest average ransom in ransomware attacks affecting SMEs in 2021.
Over $4.3 million in average ransom payments were paid by 60 surveyed Japanese firms across different sectors in 2021. The Netherlands was next with just over $2 million in average payment (across 22 companies), while the Philippines rounded up the top three ($1.6 million).
27. Turkey paid the least average ransomware amount in 2021.
In the research period, Turkey paid just a little over $30,000 per ransomware attack, over 143x lesser than the highest average (from Japan).
28. Only about 20% of countries had SMEs paying over $1 million in cyber ransoms in 2021.
Only 6 of the 31 surveyed countries had a national ransomware payout average exceeding $1 million.
Country | Average Ransomware Payment |
---|---|
Japan | $4,327,024 |
Netherlands | $2,010,366 |
Philippines | $1,617,533 |
Israel | $1,347,405 |
India | $1,198175 |
Singapore | $1,161,329 |
29. Ransomware attack rectification in the Czech Republic jumped 5x between 2020 – 2021.
The cost for a Czech brand to recover from a ransomware attack was $370,000 in 2020 but increased to $2.58 million in 2021.
30. Recovering from a ransomware attack in Nigeria costs over 6x more than it did in 2020.
Nigerian companies in 2020 spent an average of $460,000 to rectify and recover from a ransomware attack. As of 2021, the figure stood at $3,430,000.
31. Austria had the best decline in ransomware rectification costs in 2021.
Companies in the region spent about $810,000 to recover from a ransomware attack in 2021, down from $7,750,000 in 2020.
32. Chilean companies were the likeliest to have ransomware insurance of any kind in 2021.
94% of Chilean SMEs had cyber insurance coverage in 2021. 48% had cyber insurance coverage, while the other 46% had insurance with exclusions in their policies.
33. Cyber insurance (including ransomware) without exclusions in the policy was most common in Austria.
89% of 100 surveyed mid-sized Austrian brands had a cyber insurance cover against ransomware attacks in 2021. 66% of these companies did not have any exceptions/exclusions in their policies, ensuring total coverage.
34. 64% of US ransomware attacks in Q1 2022 were to the business services sector.
This was estimated among the top 10 sectors affected by ransomware in that timeframe. Non-profit organizations came second.
35. “Cobalt Strike” was the preferred tool for 1 in 3 ransomware attacks in Q1 2022.
32% of the US top 10 ransomware attacks in Q1 2022 were propagated using the Cobalt Strike tool. In contrast, 12% used RCLONE, 10% went with BloodHound, and another 10% used Bazar Loader.

36. Lockbit accounted for almost 3 in 10 of the top 10 US ransomware attacks in Q1 2022.
The Lockbit ransomware family was engaged 26% of the time across the top 10 ransomware queries in the reporting timeframe. Conti (13%), BlackCat (11%), and Ryuk (10%) followed suit.
37. Cmd and Mimikatz were the most prevalent ransomware attack tool used against the top 10 US companies.
14% of the attacks used Cmd and Mimikatz. PsExec was preferred in 13% of the attacks, followed by AdFind and Ping.exe for 11% of the attacks (individually).
38. In Q1 2022, the global telecoms sector reported the highest ransomware attack rates in the top 10 industries.
53% of ransomware attacks recorded in the top 10 international customer sectors were to the telecoms industry. Business services came second (19%), while 10% of the attacks were from media/communications brands.
39. Germany recorded a 32% increase in ransomware campaigns between Q2 – Q3 2022.
In contrast, identifiable ransomware campaigns increased by 9% in the USA and fell by 52% in Israel.
40. Between Q2 – Q3 2023, the US finance sector saw a 59% decrease in ransomware attacks.
However, there was a 100% increase in detections in the transportation industry, while the Telecoms industry saw a 56% jump.
41. North American ransomware occurrences dipped by 42% in H1 2022.
In context, this represented about 100 million fewer ransomware attacks than in the same timeframe in 2021. From another angle, that is 556,000 lesser daily ransomware attacks than organizations suffered in 2021.
42. Ransomware attacks in Asia increased by 4% from 2021 to 2022.
That is meager compared to the 63% ransomware frequency increase in Europe in the same timeframe.

43. The US suffered up to 34x more ransomware attacks than any other country in the top 10 attacked regions.
Over 136 million ransomware attacks in 2022 saw the US top the list again after recording more than 227.2 million such attacks in 2021. Australia was last on the 2022 list, facing just over 3.97 million attacks in the same timeframe.
44. 7 of the top 11 ransomware-hit countries in H1 2022 were from Europe.
In comparison, only 5 of the top 11 were European countries in 2021.
The newer 2022 additions include Italy (in 4th place) with over 10 million attacks and the Netherlands (in 6th place) with over 9 million attacks.
Ransomware Statistics by Industry
45. The manufacturing industry suffered 30% of all ransomware attacks in H1 2021.
Out of the 1,097 successful attacks in H1 2021, the financial services industry came second with a share of 136 attacks. The transportation industry rounded up the top three with 84 attacks.
Based on a total of 1,097 attacks in H1 2021.
Affected Industries | Volume of Successful Attacks |
---|---|
Manufacturing | 311 |
Financial services | 136 |
Transportation | 84 |
Technology | 73 |
Legal/Human Resources | 71 |
Healthcare | 70 |
Retail | 60 |
Government and Defense | 60 |
Energy | 44 |
Education | 40 |
Media | 38 |
46. On average, the manufacturing and energy sectors paid the highest ransoms.
Of a surveyed 5,600 respondents, 38 were from mid-sized manufacturing firms that paid an average of $2.04 million in ransom in 2021. They were followed by 91 respondents in the energy (oil and gas) sector, whose firms averaged $2.03 million in ransomware payments.
47. Healthcare had the lowest average ransomware payout in 2021.
83 companies in the healthcare sector that were also attacked by ransomware paid an average of $197,000 in 2021. Local and state government agencies spent slightly more, averaging $214,000, from about 20 respondents.
48. Energy (oil and gas) organizations were likelier to have ransomware insurance than any other industry.
In 2021, about 89% of mid-sized companies in the energy sector had ransomware insurance coverage. In close second was the retail industry, with 88% of respondents having insurance against ransomware attacks.
49. Companies in the media and entertainment industry suffered the most ransomware attacks in 2021.
79% of the 392 companies surveyed in this sector were hit by a ransomware attack in 2021, shooting higher than the 66% industry average.
Retail (77%) came in second with a sample size of 422 companies, while the energy sector rounded up the top three (75%) across 357 surveyed companies in the industry.
50. About 50% of surveyed sectors were hit less than the overall industry ransomware attack average in 2021.
8 of 15 sectors were hit less than 66% in 2021, considering the SMEs involved in this study.
Sectors | Sample Size (Companies) | Attack Rate |
---|---|---|
Higher Education | 410 | 64% |
Construction/Property | 335 | 63% |
IT/Technology/Telecoms | 543 | 61% |
Federal Government | 145 | 60% |
Local & State Government | 199 | 58% |
Lower Education | 320 | 56% |
Manufacturing | 419 | 55% |
Financial Services | 444 | 55% |
51. Construction and property companies were the most likely to pay a ransom in 2021.
56% of construction and property companies paid the ransom to get their data back in 2021, more than any other sector. Second was the energy sector (55%), and the financial services sector was third (52%).
52. Media and entertainment companies were likeliest to restore their data from backups.
In 2021, 34% of companies in this sector still paid the ransom, but another 85% chose to restore their data from existing backups.
53. Manufacturing and construction institutions would likely use other data recovery methods in 2021.
While 33% of them paid ransoms to get their data back and 58% used their data backups, 48% would also pursue other data recovery means. 45% of local government firms also used other data recovery means, followed by 35% of lower education companies.
54. Federal government establishments got most of their data back after paying a ransom in 2021.
64.4% of encrypted data was secured from attackers after paying the ransom.
However, the transport section fared the worst with only a 50% data recovery rate, despite paying a ransom.
55. Ransomware attacks against government organizations dropped 84% globally in H1 2022.
However, the global education sector saw a 51% increase while the attacks on retail surged by 90% year-on-year.
56. Healthcare-directed ransomware attacks surged by 328% in H1 2022 alone.
The finance sector also saw an unwelcome triple-digit growth, with a 243% jump in the same timeframe.
Ransomware Financials Statistics
57. 57% of companies attacked by ransomware in 2021 had ransomware insurance coverage.
Another 30% had cyber insurance at the time, but ransomware insurance was not part of the package. The final 13% did not have cyber insurance at the time.
58. Most ransomware-attacked companies in 2021 paid the ransom via insurance coverages.
47% of affected organizations activated their cyber-specific insurance to cover the costs. Another 25% paid through other insurance plans, while 4% paid out of pocket for lack of insurance.
59. Over 2 in 10 affected companies paid out of pocket even though they had insurance.
This 24% of companies decided to leave their insurance coverage provider out of it and pay the sum themselves.

60. 52% of organizations paid the ransom and were able to recover their data.
A 2022 study of 1,000 organizations also shows that 19% of respondents were able to recover their data without paying. Another 5% claimed that no ransom was demanded.
61. Extortion-based ransomware attacks slightly declined in mid-sized companies.
About 7% of companies hit by ransomware in 2020 claimed they were held to ransom not by data encryption but by the threat of exposing their data to the public. By 2021, the number of such attacks had dropped to 4%, with an increase in data encryption-based attacks.
62. 46% of mid-sized companies paid ransomware attackers to get their data back in 2021.
Of the surveyed 5600 respondents, 99% claimed to have gotten back some of their encrypted data. Only 4% got all their data back after paying the ransom.
63. 965 surveyed IT professionals claim ransomware payments went up in 2021.
Only 4% of ransomware victims issued payouts of $1 million or more in 2020.
The number was at 11% in 2021, showing a 3x increase.
64. Companies paying $10,000 or lesser ransoms have dropped since 2020.
34% of victims paid $10,000 or less in ransoms in 2020. However, only 21% of companies paid such amounts in 2022, indicating that most companies are paying more.
65. The average ransom payment for mid-sized brands in 2021 was over $810,000.
The average used to be $170,000 in 2020, representing almost a 5x increase to $812,360 in 2021.
66. In 2021, managing a ransomware attack cost about $1.4 million.
This is a drop from the $1.85 million figure in 2020.
67. 64% of ransomware victims in 2021 claimed to have excess cybersecurity spending allocations.
Another 24% stated they had just the right amount of money to spend on cybersecurity. That leaves 12% who do not have an excess budget or have enough, if any at all.
68. 83% of mid-sized companies had insurance coverage against ransomware attacks in 2021.
Another 34% said that they had specific exclusions in their coverage policy that might prevent them from accessing the payout.

69. 89% of organizations hit by ransomware in 2021 had cyber insurance to cover such events.
In contrast, 70% of the companies NOT hit in the reporting timeframe also had a ransomware insurance policy.
70. In 2021, 94% of insured mid-sized companies claim that securing coverage is now more challenging.
54% stated that the conditions to qualify for insurance coverage were stricter, while 37% claimed the process was longer than ever.
The table below highlights what has changed and the percentage of companies affected.
Factor | Affected Companies |
---|---|
Tougher conditions to qualify | 54% |
Complexity of new policies | 47% |
Lesser companies offering insurance | 40% |
Increased process duration | 37% |
Higher insurance costs | 34% |
71. Over 9 in 10 insured organizations modified their cybersecurity against ransomware as of 2021.
At least 97% of organizations claimed to have deployed new technology and services (64%), increased staff training (56%), and changed workflows (52%) to better their cybersecurity position.
72. 98% of attacked respondents with a ransomware insurance policy got their payouts.
This 2021 number trended up slightly from 95% in 2019.
73. Insurance companies were more likely to pay for cleanup costs than the ransom.
2021 data shows that 77% of attacked organizations got paid cleanup costs to get their firms running again, compared to 67% who got such payments in 2019.
Likewise, only 40% of insured companies had their providers pay the ransom, lower than the 44% in 2019.
74. 74% of ransomware payouts in 2021 were believed to go to Russia.
Roughly $400 million in ransomware payments were believed to have been collected by ransomware groups operating out of Russia.
Ransomware Impact Statistics
75. Over 3 in 10 organizations do not get their data back after paying the ransom.
A 2021 report shows that 24% of organizations who paid attackers still could not retrieve their data in part or whole.
76. 30% of ransomware attacks in 2022 also impacted backup data.
26% of organizations claimed that the attacker tried to impact their backups unsuccessfully. Another 38% said that some of their backup files were affected, while only 6% claimed the attackers did not try to hit their backups.
77. In total, 88% of ransomware attacks in 2022 attempted to hit the organization’s backups.
75% of those attempts were successful.
78. 11% of organizations could not or did not restore their data after a successful ransomware attack.
A report published in 2022 also showed that 8% could begin data remediation in less than 15 minutes. Most companies (55%) could only begin remediation between 2-4 hours after the attack.
Time Taken to Start Remediation | % Of Affected Companies |
---|---|
>= 15 minutes | 8% |
15 minutes – 1 hour | 13% |
1-2 hours | 44% |
2-4 hours | 55% |
4-8 hours | 35% |
1-2 days | 19% |
3-4 days | 9% |
Never | 11% |
79. Data recovery and remediation after a successful ransomware attack can take up to 4 months.
In 2022, a minority (3%) of attacked organizations claimed it took 2-4 months to complete their data recovery. Most respondents (33%) were done in 2-4 weeks, while the next largest group (24%) was done in 1 week. Only 7% completed their remediation in under a week.
80. 76% of all organizations were a victim of ransomware attacks in 2021.
By 2022, the number had climbed to 85%.
81. 39% of organizations' production data was encrypted or ruined by ransomware actors in 2022.
Just over half (55%) of this data was recoverable.
82. 66% of mid-sized organizations were hit by ransomware in 2021.
In comparison, just 37% of these organizations claimed to have suffered a ransomware attack in 2020.
83. 65% of ransomware attacks on mid-sized organizations successfully encrypt the company’s data.
The 2021 data reveals negative growth from the 54% encryption success rate in 2020.
84. 90% of mid-sized businesses claimed ransomware attacks impeded their ability to operate.
Another 86% reported a loss of business and revenue from these attacks, as it generally took one month to recover from the incident.
Other Ransomware Statistics
85. 60% of ransomware attacks in H1 2021 were attributed to three attack groups.
Conti accounted for over 35% of ransomware hacks in the period.
It was followed by Avaddon, with 14.4% of the attacks, and Revil claiming 11.2% of the successful ransomware attacks.
86. Lockbit family ransomware detections were reduced by 44% in the US.
Between Q4 2021 and Q1 2022, attacks related to Conti dropped by 37%, while Cuba-related queries saw a 55% decline.
Do Not Negotiate With Terrorists
More than half of companies do not get their data back after paying the ransom.
Of those who pay, some have reported getting contacted by the attackers for more money to prevent leaking the information they stole. That is on top of government sanctions you may incur from paying into a ransomware account.
Instead, prevention is the best approach. Likewise, invest in good cybersecurity insurance that covers ransomware, especially one that caters to cleanup costs if the inevitable does happen.
- https://www.veeam.com/veeam-ransomware-trends-executive-brief-2022-emea_wpp.pdf
- https://www.veeam.com/veeam_ransomware_trends_report_2022_wpp.pdf
- https://www.veeam.com/data-protection-trends-report-2023_wpp.pdf
- https://www.cognyte.com/blog/ransomware_2021/
- https://assets.sophos.com/X24WTUEQ/at/4zpw59pnkpxxnhfhgj9bxgj9/sophos-state-of-ransomware-2022-wp.pdf / https://www.sophos.com/en-us/content/state-of-ransomware
- https://www.trellix.com/en-us/advanced-research-center/threat-reports/jul-2022.html
- https://www.trellix.com/en-us/assets/threat-reports/trellix-arc-threat-report-fall-2022.pdf
- https://www.sonicwall.com/medialibrary/en/white-paper/mid-year-2022-cyber-threat-report.pdf / https://www.sonicwall.com/2022-cyber-threat-report/
- https://www.trendmicro.com/explore/glrans/01590-tm1-en-wp#page=1