Skip to content Skip to navigation Skip to footer

50 Ransomware Statistics and Latest Ransomware Trends for 2023

Top Ransomware Statistics and Latest Trends

Increasing Ransomware Attacks

There is no good news about ransomware statistics for 2022/2023. Attacks continue to increase as cybercriminals use data infiltrations and the threat of data leaks to increase pressure on companies to pay the ransom. Even if a company can restore data from backups, leaked data from a company that refuses to pay ransom may appear on database websites operated by threat actors.

The Data Breach Investigation Report (DBIR) by Verizon says there was a 13% rise in ransomware attacks year-over-year from 2021. This rise is a greater increase than the previous five years combined.

Statista projects that about 70% of businesses will suffer one or more ransomware attacks in 2022. These ransomware trends increased over the past five years and are the highest annual rate on record.

Ransomware Attacks by Industry

Blackfog reports that education, government, and healthcare are the top three sectors to experience a ransomware attack in 2022. Here are more detailed statistics about these and other industries. 

Small Businessess/Enterprises

Verizon reported ransomware updates of 832 incidents of data breaches for small businesses in 2022. Of these attacks, 130 confirmed data loss, with nearly 80% of the attacks a result of ransomware.

Small businesses are particularly vulnerable. A study reported by UpCity says only half of U.S. small businesses have a cybersecurity plan.

Statista says that 71% of global businesses felt the impact of ransomware trends. A total of 62.9% of the ransomware victims paid the ransom.

Cybereason surveyed nearly 1,500 cybersecurity professionals and found that almost three-quarters of organizations (73%) reported at least one ransomware attack. The total number of attacks was 33% higher than the previous year's report, and most ransomware attacks (64%) resulted from the compromise of third-party suppliers.

These attacks directly affected workflow and employees. Almost 40% of enterprises had to lay off employees after an attack, and 35% experienced C-level resignations. Another 33% had to suspend operations temporarily.

Most organizations (63%) also reported that the attackers were in their network for up to six months before detection, while 21% said attackers had 7-12 months of unauthorized access, and 16% said the attackers were in the network for over a year.

Almost half of the organizations (49%) paid ransom to prevent revenue losses, and another 41% paid ransom to quicken the recovery process. Of those with reported losses, most (67%) said they lost between $1 and $10 million, and over half of the companies that paid the ransom had corrupted data after removing encryption.

The study also highlights two particularly troubling ransomware statistics. First, 80% of businesses that paid the ransom were subject to another ransomware attack. Additionally, over two-thirds (68%) of companies that paid ransom experienced another attack within a month.

The most affected business verticals are legal, finance, manufacturing, and human resources.

Atención médica

IBM's 2022 report shows that a breach in the healthcare industry costs 42% more than in 2020. For the past dozen years, healthcare had the greatest average cost for any industry at $10.1 million per incident.

The 2022 ransomware trends from Verizon note that healthcare experienced more ransomware attacks focused on personal data than medical data.

The latest ransomware updates from a Trend Micro study of 145 healthcare organizations found that 57% reported a ransomware attack within the past three years. Another 25% had to stop operations due to the attack, and 60% said some attacks completely disrupted business processes. 

The average cost was $10.1 million to recover from the attack. However, ransomware statistics show some pay much more. For example, ransomware cost Universal Healthcare Services $67 million in labor expenses, lost income, and recovery.


Verizon reports that education, which accounted for 30% of the data breaches in 2022, experienced a significant increase in ransomware attacks, resulting in 1,241 data breach incidents. Of these attacks, 282 confirmed data loss or disclosure. External threat actors caused 75% of the violations, while 25% came from internal sources.     

Attacks on lower education (56%) and higher education (64%) increased. While nearly half of those attacked paid the ransom to recover their data, just 2% got all the data back. It costs, on average, $1.58 million for lower education to recover and $1.42 million for higher education to recover. The process sometimes takes months.


Verizon reports that the discovery method called "actor disclosure" occurred in 58% of the data breaches. An "actor" may be external to the company or someone internal. These ransomware trends in government agencies might be increasing due to the war between Russia and Ukraine.

The Cybersecurity and Infrastructure Security Agency reported ransomware attacks against 14 of the 16 U.S. critical infrastructure sectors, including the food and agriculture, emergency services, government facilities, defense, and IT industries.  

FinCEN is the government agency responsible for tracking financial crimes, such as money laundering and payment of a ransom in cryptocurrencies. FinCen identified a ransomware trend of more than $5.2 billion in ransom payments made in Bitcoin, which is the most popular method of ransom payment demanded due to the difficulty of tracing the transaction.

The latest ransomware updates show the U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) issued sanctions against the Suex cryptocurrency exchange for facilitating ransomware transactions.

Industrial Services

Verizon reported 2,337 data breaches in the manufacturing sector in 2022. Of those, 338 had disclosure of data, and 24% of the attacks (584) were ransomware.


Banking is a big target for threat actors. Verizon stated that organized crime is responsible for 79% of bank data breaches.

IBM says that the financial industry spends an average of $5.12 million to fight off data breaches, while CNBC reports that Bank of America spends over $1 billion annually on cybersecurity.

Ransomware payments are typically made using cryptocurrency due to their anonymous nature. Chainalysis determined that more than $602 million in payments for ransomware attacks used cryptocurrency.

According to a federal report with the latest ransomware updates, CNBC says American banks completed $1.2 billion in ransomware transactions.

Evolution of Ransomware as a Service (RaaS)

Criminal gangs are now subcontracting much of their attacks. Some offer Ransomware-as-a-Service (RaaS), which allows cybercriminals to deliver more ransomware attacks. Bad actors offer ransomware tools for a fee or as a portion of the illegal proceeds. This lets threat actors rent the services they need rather than having to develop their own tools or software, allowing them to increase the volume of the attacks.

Microsoft reports that DEV-0193, also called Trickbot LLC, is the most prolific ransomware organization. Conti is another ransomware group offering RaaS. Ransomware statistics show that Conti captured over $180 million in cryptocurrency payments in 2021 from ransomware. New RaaS groups include Bl00dy, DAIXIN, D0nut, and IceFire.

The trend is to exfiltrate data and threaten to release it as part of an extended extortion attempt. Cybercriminals threaten a denial-of-service attack (DDOS) if the threat of data release fails to extract the ransom.

Common Ransomware Attacks that Happened in 2022

Statista summarized the most common ransomware trends and attacks for 2022. A little more than 17% of the attacks used Stop/Djvu. The second-most-used encryption ransomware was WannaCry, at around 15%. Then, generic verdict trojans took up the balance of the top five.

The latest ransomware updates show the top variants reported by Malwarebytes in August 2022. They were Lockbit, BianLian, DON#T, IceFire, Vice Society, Hive, ALPHV, AvosLocker, LV, and Bl00dy. Lockbit was five times more popular than second-place BianLian.

Ransomware Settlement Statistics

A ransomware settlement is a payout to criminals or insurance coverage for such payout. 

The highest ransom payments (over $2 million) in 2021 occurred in the manufacturing and utility industries. 

These settlement amounts do not include the cost of the breach, which IBM says averages $4.54 million. The average breach cost increases to $5.12 million for companies that do not pay the ransom. 

Even if companies pay the settlement, they typically only get about 60% of their data back. Only 4% receive all their data.

Future of Ransomware

Cybersecurity Ventures estimates that global ransomware trends for damage will experience 30% year-over-year growth over the next decade. The damages are estimated to exceed $265 billion annually by 2031, with a new attack happening every two seconds.

How Fortinet Can Help

Fortinet has ransomware protection that helps an organization prepare, prevent, detect, and respond to a ransomware attack. The services offered include email security, endpoint protection with EDR, managed detection and response service, incident readiness & response, playbooks & tabletop, and FortiGuard incident response service. 


How many ransomware attacks happened in 2022?

For the first six months of 2022, Statista says there were more than 236 million global ransomware attacks, compared to over 623 million for the full year of 2021.

What is the percentage of attacks caused by ransomware?

Fortinet lists ransomware as number 6 on the top 20 types of cyberattacks, making it nearly as popular as phishing, man-in-the-middle (MITM), and denial of service (DDOS) attacks.

How many people were affected by ransomware?

Nordlocker reports more than 12 million American workers felt the disruption of ransomware in 2022. When including personal attacks, Statista estimates hundreds of millions are impacted globally by ransomware attacks. 

What are the top five ransomware attacks that happened in 2022?

  1. The Cuba ransomware group attacked Montenegro in August, disrupting government systems and national infrastructure and creating a country-wide attack.

  2. A ransomware group called Lapsus$ attacked Nvidia and demanded $1 million plus a percentage of company profits. 

  3. The Conti group attacked the government of Costa Rica and demanded $20 million.

  4. An attack on Bernalillo County, New Mexico, paralyzed the county government and disabled jail security systems.

  5. An attack on Toyota and its suppliers caused the company to lose 5% of its productivity.