36 Ransomware Attack Statistics – 2023

Ransomware attacks have increased dramatically in recent years — from 200 million attacks in 2017 to a peak of 623 million ransomware attacks in 2021. They dropped slightly in 2022, to 493 million annual attacks, but still cost companies billions of dollars every year.

In this article, we’ll detail 36 key ransomware attack statistics, including details on the biggest attacks of all time. Read on.

Key Ransomware Statistics

493 Million Ransomware Attacks Were Attempted in 2022

Just over 493 million ransomware attempts were made in 2022 — that’s over 1.3 million attacks per day! As high as that number is, these attacks are down 21% from 2021, in which 623 million ransomware attempts were made. These attacks have increased quite a bit in recent years, having first breached the 300 million mark in 2020.

[Source: Statista]

Global Ransomware Costs Expected to Reach $265 Billion Annually by 2031

The global cost of ransomware has been on the rise. While the total for 2021 was approximately $20 billion, by 2031, the total global cost of ransomware is expected to reach a shocking $265 billion, a 1225% increase.

[Source: Cybersecurity Ventures]

72.7% of Organizations Have Fallen Victim to Ransomware

The number of organizations targeted by ransomware has increased over the years, causing the number of companies that fall victim to it to rise. During a survey taken in 2023, 72.7% of companies reported being victimized by ransomware in the past 12 months. That’s 1.7% more than 2022, and 16.6% more than 2019.

[Source: CyberEdge]

By 2031, a Ransomware Attack Will Occur Every 2 Seconds

Along with the cost of ransomware attacks increasing significantly over the coming years, the frequency of attacks is also expected to rise. While ransomware attacks were estimated to occur every 11 seconds in 2021, the rate will come in at every 2 seconds by 2023.

[Source: Cybersecurity Ventures & Cybersecurity Ventures]

85% of Ransomware Attacks Target Windows Systems

Overall, Windows systems are targeted the most often, coming in at 85%. In second is macOS, which claims just 7%. The remaining targets are mainly mobile, with Android and iOS coming in with 5% and 3%, respectively.

[Source: Safety Detectives]

Attackers Encrypted Company Data in 76% of Attack Attempts

Many ransomware attackers aim to encrypt data so that the company being attacked can no longer access it. The success rate for the encryption of data during a ransomware attack increased in 2023. 76% of attacks resulted in the company’s data being encrypted by the attacker in 2023. In 2022 and 2021, the success rates were 65% and 54%, respectively.

[Source: Sophos]

40.9% of Ransomware Attacks Leverage Multiple Extortion Methods

Ransomware attackers leverage a variety of threats, such as encrypting data so the company can’t access it, or denial-of-service attacks that shut down a company’s operations. In total, a second extortion method is part of the equation in 40.9% of attacks. 30.4% of attacks involve three threats, while another 7.2% have four threats involved.

While encryption remained a popular threat among ransomware attackers, only 21.6% of ransomware attacks relied on encryption alone. In 41.9% of cases, hackers threatened a DDoS attack. They also threatened to notify customers of the breach in 41.5% of incidents, and threatened to publicly release stolen information in 39.8% of their attacks.

[Source: CyberEdge]

Over 90% of Ransomware Attacks Are Preventable

Following cybersecurity best practices can make a difference. Overall, more than 90% of ransomware attacks are preventable, but only if the right security measures are in place.

[Source: Gartner]

Ransomware Statistics by Industry

46% of SMBs Have Experienced a Ransomware Attack

While many would assume that larger corporations are more attractive ransomware targets, small-to-medium-sized businesses (SMBs) are at risk. Overall, 46% of SMBs have experienced a ransomware attack. Additionally, 17% of SMBs feel ill-prepared to face such a threat, and 28% don’t have a plan to mitigate ransomware attacks.

[Source: Panda Security]

80% of K-12 Schools Have Experienced Ransomware Attacks in the Past Year

The education industry is highly targeted by malicious actors. Overall, 80% of K-12 schools have experienced a ransomware attack in the past year. Additionally, 79% of higher education institutions were attacked.

[Source: Sophos]

71% of Construction and Property Companies Were Hit by Ransomware

While construction and property-related businesses might not seem like a prime target, the industry has been getting a lot of attention from hackers using ransomware recently. Overall, 71% of companies in that sector reported being targeted with ransomware in the past 12 months, representing a 129% increase in just 2 years.

[Source: Sophos]

70% of Government Organizations Were Targeted in the Past Year

Central and federal-level government organizations have long been a popular target among malicious actors leveraging ransomware, and that trend continues. During the past year, 70% of government entities in that category experienced a ransomware attack.

[Source: Sophos]

Ransomware Cost Statistics

The Average Ransomware Payment Is $408,644

The average ransom payment has fluctuated significantly over the years. However, in Q4 2022, the figure crossed the $400,000 mark, reaching $408,644. That’s a dramatic increase over the $258,143 average ransomware payment in Q3 2022 and exceeds the Q4 2021 – one year prior – amount of $322,168.

[Source: CyberEdge]

13% of Ransomware Attacks Involved Ransoms of $5+ Million

While the average ransom paid was far below even $1 million, higher ransoms aren’t uncommon. Among the attacks in a 2023 study, 13% involved ransoms of $5 million or more. Additionally, 27% included ransoms between $1 million and $4.99 million.

[Source: Sophos]

The Average Ransomware Recovery Cost Reaches $1.82 Million

Ransomware attacks cause companies to incur a wide array of losses. When it comes specifically to organizational recovery costs, the average spent is $1.82 million. That figure does not include the cost of any ransoms paid.

[Source: Sophos]

99% of Ransom Payments Are in Bitcoin

Cryptocurrencies are, unsurprisingly, favored by cybercriminals. But Bitcoin is the digital currency de jour, being used as payment in 99% of cases. The other 1% goes to privacy coins, like Dash.

[Source: CoveWare]

The Average Demand from Ryuk Ransomware Attacks Was Over $377,000

Companies hit with a Ryuk Ransomware attack were initially asked to fork over $377,026 on average. Now, this isn’t a reflection of what companies ended up paying (if they paid at all). At times, the attackers’ demands did shift, potentially as they learned more about the financial viability of the company.

[Source: CoveWare]

Ransomware Attacks Cause 84% of Targeted Companies to Lose Business

Ransomware attacks hinder company operations, which can result in lost business and revenue. Additionally, damage to customer trust can cause further losses. Overall, the odds of these types of losses are high among organizations in the private sector, with 84% of companies reporting such losses due to a ransomware attack.

[Source: Sophos]

59.7% of Organizations Paid the Ransom

When faced with a ransomware attack, companies have to choose whether or not to pay the requested ransom. Overall, 59.7% of organizations choose to hand over the cash based on a 2023 survey.

However, that number is actually lower than what was recorded in the previous year. In 2022, 62.9% of companies said they paid the ransom.

[Source: CyberEdge]

72.7% of Companies That Pay Ransoms Recover Their Data

One of the most significant fears related to paying a ransom is not getting the desired result, namely recovering the encrypted data. However, 72.7% of organizations that did pay stated that their companies regained access to their data. Still, that means 27.3% of companies that submitted to the ransom demands didn’t get the data back.

[Source: CyberEdge]

3% of Encryption Attempts Failed But Still Led to Ransom Demands

While failing to successfully encrypt a company’s files would cause most attackers to abort their extortion attempts, that doesn’t always occur. In 3% of all attacks, hackers attempted to extort the company even though they did not succeed in encrypting the company’s data.

[Source: Sophos]

More Ransomware Attack Statistics

30% of Ransomware Attacks Involving Encryption Also Resulted in Stolen Data

While ransomware attacks don’t universally involve hackers stealing company data, stolen data is a significant concern. Among attacks where data was successfully encrypted by attackers, data was also stolen in 30% of incidents.

[Source: Sophos]

36% of Ransomware Attacks Involve Exploiting Vulnerabilities

When it comes to the execution of ransomware attacks, malicious actors exploit a vulnerability in 36% of cases, making it the most common root cause of ransomware incidents. However, other attack vectors are also widely used.

Compromised credentials provided access to company systems – making it possible to deploy ransomware – in 29% of incidents. Malicious emails were involved in 18% of cases, while phishing created a point of entry in 13% of attacks. Brute force attacks and downloads were part of the equation in 3% and 1% of ransomware incidents, respectively.

[Source: Sophos]

The Average Data Breach Costs $4.45 Million

As of 2023, the average cost of a data breach reached an all-time high of $4.45 million, marking a 15% increase over the past 3 years. While that figure isn’t related to ransomware alone, ransomware that involves data access by an unauthorized party – particularly it being stolen – does inherently qualify.

[Source: IBM]

Cybercrime Quadrupled During COVID-19

COVID-19 fundamentally altered the business world, at times in ways that put cybersecurity on the backburner or made people vulnerable to scams. Since the onset of the pandemic, according to the FBI, cybercrime rates quadrupled. For their part, ransomware attacks rose from roughly 200 million before the pandemic to a peak of 623 million attacks in 2021.

[Source: ZDNet]

Mobile Ransomware Trojans Detections Fell Below 11k in 2022

While 68,362 new mobile ransomware trojan installation packages were detected in 2019, there’s been a significant decline every year since. In 2020, there were only 20,708, followed by just 17,372 in 2021. As of 2022, the number has fallen to a mere 10,543.

[Source: Kaspersky Labs]

Top 5 Ransomware Attacks of 2023

1. Data on 8.9 Million Patients Stolen During MCNA Dental Ransomware Attack

In February 2023, Managed Care of North America (MCNA) Dental – an insurance provider – was targeted by a ransomware attack. Hackers were able to steal sensitive information on an estimated 8.9 million patients, including names, addresses, birthdates, Social Security numbers, government-issued ID numbers, and more.

[Source: TechCrunch]

2. PharmaMerica Ransomware Attack Leads to Data Breach Impacting 5.8 Million Customers

PharmMerica was targeted by a ransomware attack that resulted in data on 5.8 million customers being exposed by the attacker group. The cache of information contained 4.7TB of data, including highly sensitive personal information, such as customer names, addresses, birthdates, Social Security numbers, health insurance information, and medications.

[Source: Infosecurity Magazine]

3. Caesars Entertainment Pays $15 Million Ransom to Prevent Data Leak

In September 2023, hackers targeted Caesars Entertainment – a major casino operator – and stole its loyalty program customer database. The data attackers acquired included sensitive information on customers, such as Social Security numbers. In an attempt to prevent the release of the data, Caesars Entertainment paid a $15 million ransom.

[Source: SEC & CNBC]

4. Harvard Pilgrim Health Care Ransomware Attack Impacts More Than 2.5 Million Members

In April 2023, Harvard Pilgrim Health Care (HPHC) – an insurer – was targeted by a ransomware attack that involved data theft. Sensitive information on more than 2.5 million people was compromised, including names, addresses, birthdates, Social Security numbers, medical histories, and more.

[Source: HPHC & The Boston Globe]

5. Hackers Steal Data on Nearly 300,000 Individuals During Dish Ransomware Attack

In February 2023, satellite TV provider Dish was targeted by a ransomware attack, leading to a multiday service outage. However, that wasn’t the only damage done. Sensitive information on nearly 300,000 individuals was also stolen during the attack. Primarily, current and former employee-related data – including details about family members – was acquired by the hackers, though some other individuals were also impacted.

Some speculate that Dish paid the ransom associated with the ransomware attack, primarily based on the company claiming it received confirmation that data extracted by hackers was deleted.

[Source: TechCrunch]

Top 5 Ransomware Attacks of All Time

1. The Wannacry Attacks

In May 2017, widespread attacks broke out involving the WannaCry ransomware worm, infecting an estimated 230,000 Windows systems around. A wide array of organizations were hit by WannaCry, including FedEx, Honda, Nissan, Spanish mobile carrier Telefonica, and many more. The total cost of WannaCry recovery was estimated at $4 billion.

One notable victim was the British National Health Service, with up to 70,000 devices hit by the attack. Patient records became inaccessible at many hospitals, causing significant service disruptions. In total, the incident was estimated to have cost the NHS £100 million.

[Source: US NIH, ZDNet, Symantec, Cloudflare & Kaspersky]

2. Costa Rica

In June 2022, Costa Rica was subject to monthslong ransomware attacks targeting a variety of government institutions. It began with an attack on the Ministry of Finance but quickly spread to other entities, forcing the shutdowns of multiple systems, including some related to public services. Initially, then-president Carlos Alvarado refused to pay the ransom to attackers, prompting the hackers to leak stolen data. The situation was ultimately declared a national emergency by the new president, Rodrigo Chaves Robles, and the total losses were estimated at $30 million per day.

[Source: Bovill & The Guardian]

3. Maersk

In June 2017, Maersk – a shipping giant – was struck by a ransomware attack. The attack involved NotPetya – also known as ExPetr – which aimed to destroy data over encrypting it for a ransom. The malware targeted Windows systems and encrypted master boot records to render systems unusable. Maersk experienced financial losses estimated at $300 million.

NotPetya ransomware also impacted other companies during the same time period. Merk, a pharmaceutical company, was another of the hardest-hit organizations, but there were many more targets. In total, estimated damages are near $10 billion.

[Source: Computer Weekly & Brookings Institute]


During a ransomware attack in June 2021, JBS USA – a meat-packing company – halted all of its US plant operations and suffered other disruptions. The timing was particularly unfortunate, as it occurred during a period of high inflation and supply chain disruptions. The company paid the equivalent of $11 million as a means of escaping the attack.

[Source: Reuters]

5. Colonial Pipeline

In May 2021, one of the most infamous ransomware attacks of all time occurred. DarkSide targeted Colonial Pipeline with a ransomware attack, disrupting the systems that controlled the flow of fuel from Texas throughout the Southeastern United States.

Within hours of the attack, Colonial Pipeline paid $4.4 million in Bitcoin to DarkSide as a ransom, $2.3 million of which was later recovered by the FBI. However, recovery took far longer, limiting the company’s operations dramatically for several days.

[Source: TechTarget]

About the Author

Find Catherine on Firewall Times

Catherine Reed

Catherine Reed is a writer and researcher with experience writing about a wide variety of topics including personal finance, technology, and staffing.