Network Security
Vulnerability Management
Privileged Access Management 
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Ransomware attacks continue to be a major cybersecurity concern for both large enterprises and small and medium businesses.
In fact, this year’s industry reports on ransomware statistics show that small businesses are even more prone to become victims of this threat.
While more and more organizations started refusing to pay ransom and thus discourage ransomware-as-a-service (RaaS) business models, the overall figures for ransomware attacks impact are still high. Verizon’s Data Breach Investigation Report found a 37% increase
from last year’s report. Their data showed ransomware was present in 44% of all the breaches they reviewed, up from 32%.
So, let’s kick it off with the key ransomware incidents trends!
Key Ransomware Attack Trends
To find out what the ransomware attack trends were this year I checked DBIR 2025, Statista, and ransomware.live, which is a personal project of CTO Julien Mousqueton.
All three sources agree on the following.
Exploiting vulnerabilities and compromised credentials
Upatched vulnerabilities and zero-days are the number one initial access tactique that ransomware groups use. Using compromised credentials comes second, according to Statista:
- 32% exploited a vulnerability to gain access
- 23% used compromised credentials
- 19% of ransomware incidents had a malicious email as root cause
- 18% started with phishing
- 6% used brute force
DBIR data also point to exploited vulnerabilities and compromised credentials as top root causes of ransomware attacks:
Less victims agree to pay ransom
According to DBIR’s numbers, the number of organizations that pay the ransom, thus supporting Ransomware-as-a-Service business models, keeps going down. Also, the median sum of money paid as ransom dropped. This could mean organizations became aware that prevention measures against ransomware pay off:
- a layered cyber security strategy
- backups
- critical systems redundancy
Double extortion and the lack of control over whether you’ll get your data back or not after paying the hackers could also be a cause of this drop.
However, Statista data say the overall number of ransomware victims keeps rising.
Long story short, here’s what the figures say:
- the median paid ransom decreased with $35,000 from 2023 to 2024
- the highest ransom price also went down, from $9,900,250 in 2023 to $3,637,500 in 2024. This is almost 2 times lower than the 2022 maximum – $7,712,500
- 64% of ransomware victims refused to pay ransom in 2024, which is 10% higher than last year’s results (54%)
- the lowest number of victims year-round for 2023 was 166 (January), while the lowest for 2024, same month, was 286, which is more than double
- the highest number of victims for 2023 was 484 (November), and the lowest for 2024, same month, was 632
Ransomware hits small and medium businesses harder
It is no secret that smaller businesses have less chances to recover after a ransomware attack. Smaller budgets, less specialized workforce to handle the incident and follow through a recovery plan are among the reasons.
But this year’s DBIR report revealed another facet of SMB’s cybersecurity landscape. While in the case of large enterprises security analysts found ransomware in 39% of the breaches, ransomware was involved in 88% of SMBs reported breaches.
Ransomware is also disproportionally affecting small organizations. In larger organizations, Ransomware is a component of 39% of breaches, while SMBs experienced Ransomware-related breaches to the tune of 88% overall.
Source – DBIR 2025
Ransomware Statistics by Industry
No industry is immune to ransomware attacks; in 2021, 37% of all sectors experienced a ransomware attack. However, there is still some variation in which industries are more likely to be targeted.
Healthcare
- In 2021, healthcare was the third most targeted industry for ransomware attacks. (Blackfog)
- In 2020, ransomware attacks were responsible for nearly half of all data breaches in the healthcare industry. (Public Health and Human Services)
- Since 2016, the healthcare industry has lost more than $157 million due to ransomware attacks. (HIPAA Journal)
Education
- In 2021, education was the second most targeted industry for ransomware attacks. (Blackfog)
- In 2021, 44% of the education sector anticipated a ransomware attack. (EdScoop)
- The 44% of the education sector that experienced a ransomware attack is higher than the global average of 37% across all industries. (EdScoop)
- Between 2019 and 2020, the number of universities targeted by ransomware attacks increased by 100%. (BlueVoyant)
- On average, a ransomware attack on the higher education industry costs USD 447,000. (BlueVoyant)
- Since 2020, at least 1,681 universities and schools have been hit by 84 different ransomware attacks. (Emsisoft)
- In three of the six months in the first half of 2021, the education sector saw more ransomware attempts than the government industry. (SonicWall)
Government
- In 2021, ransomware attacks on the government tripled from the previous year’s peak. (SonicWall) In June 2021, there were approximately ten times the average number of ransomware attack attempts on the government. (SonicWall)
- In the last three years, there have been 246 separate ransomware attacks on US government agencies, costing nearly $52.88 billion. (CompariTech)
- Only 38% of local and state government employees are adequately trained in ransomware prevention. (IBM)
Finance & Insurance
- In 2020, 90% of all financial institutions experienced ransomware attacks. (Security at the Workplace)
- In 2020, ransomware and phishing attempts in the banking sector increased by 64%. (Arctic Wolf)
- Between March and June 2020, phishing and ransomware attacks on the banking sector increased by 520%. (Arctic Wolf)
Ransomware Statistics by Country
Ransomware attacks aren’t just getting worse; they’re getting worse worldwide. Last year, Europe saw a 234% increase in ransomware attacks, while North America saw a 180% increase.
The United States continues to experience more ransomware attacks than any other country; of the top ten countries with the highest volume of ransomware, the United States experienced four times as many episodes as the other nine countries combined.
- In 2021, the United States had the most ransomware attacks. (Cybereason)
- In 2021, ransomware attacks in the United Kingdom increased by 144%. (Help Net Security)
- Over 68% of Indian organizations reported a ransomware attack the previous year. (Statista)
- In 2021, the United States experienced 227,266,604 million ransomware attacks. (Cybereason)
- In 2021, Europe experienced a staggering 234% increase in ransomware attacks. (Cybereason)
- The volume of ransomware attacks in the United States increased by 185% in 2021. (Help Net Security)
- The importance of ransomware attacks in the United States increased by 185% in 2021. (Blackfog)
- According to a survey conducted between January and February 2022, 66% of organizations worldwide were victims of a ransomware attack. (Statista)
- Austria had the highest rate, with over 80% of organizations reporting a ransomware attack the previous year. (Statista)
- In South Africa, approximately half of the responding organizations had been victims of cybercrime. (Statista)
Top Five Biggest Ransomware Attacks
1. Costa Rica Government
What happened: This was probably the most talked-of attack in 2022 as it was the first time a country declared a national emergency in response to a cyber-attack. In early April, the first ransomware attack on the nation affected the finance ministry, private import-export businesses, and government services.
The ransomware group Conti carried out the first attack, which demanded $10 million from the government. Later, the ransom was raised to $20 million.
A further attack linked to HIVE affected the Costa Rican social security fund on May 31. In addition, the attack directly affected the average Costa Rican individual as the healthcare system was taken offline.
How much did it cost: The ransom amount was $20 million.
2. Nvidia
What happened: A ransomware attack compromised the world’s largest semiconductor chip company in February 2022. The company confirmed that the threat actor leaked employee credentials and proprietary information online.
As a result of the attack, Lapsus$ claimed to have access to one terabyte of exfiltrated company data that it would leak online.
One terabyte of proprietary data, employee data, company information, source codes for Nvidia’s hash rate limiter, and access credentials were stolen.
How much did it cost: The ransom amount was $1 million plus a breach of confidential information such as source codes, access credentials, and servers.
3. Bernalillo County, New Mexico
What happened: A ransomware attack paralyzed several county departments and government offices in New Mexico on January 5, 2022, making it one of the first significant attacks in 2022. Despite that, county officials have said they have not paid ransom to the hackers.
In addition to the severe citizen distress that comes with any government department going offline, a jail was taken offline by this ransomware attack.
As the ransomware attack knocked out the security cameras and automatic doors in the Metropolitan Detention Center, inmates had to be confined to their cells. As a result of the failure of the electronic locking systems on inmate cell doors, the Center severely restricted inmate movement, potentially violating the terms of a 25-year-old settlement agreement.
Due to the malware attack, the county could not comply with the agreement and filed an emergency notice in federal court.
How much did it cost: Bernalillo County officials have stated that they did not pay the ransom demanded by their hackers. However, according to reports, the county had a $2 million cyber insurance policy to cover the costs of mitigation and recovery.
4. Toyota
What happened: Toyota suppliers were hacked between February and March 2022, showing that even the most secure organization can and will find a way into your organization.
This hack is said to have caused a whopping 5% dip in Toyota’s monthly production capacity after its supplier, Kojima Industries suffered a cyber-attack (not necessarily a ransomware attack).be compromised by a determined threat actor.
Two more Toyota suppliers, Denso and Bridgestone, were also victimized by ransomware attacks within 11 days of each other.
In addition, due to a ransomware attack, Bridgestone’s subsidiary’s computer networks and production facilities in Middle America and North America were shut down. Lockbit admitted to carrying out the attack.
How much did it cost: The exact ransom amount was not disclosed, but Toyota subsequently suspended operations at all 28 lines at 14 domestic Japanese plants.
5. SpiceJet
What happened: An attempted ransomware attack on India’s SpiceJet airline in May of 2022 caused flights to be delayed and people to be stranded at airports.
However, the incident exposed serious cybersecurity gaps in one of the world’s largest aviation markets, even though it was only an “attempted” ransomware attack.
Per news reports, SpiceJet passengers had to wait more than 6 hours for information about their flight departures, negatively affecting the airline’s brand reputation.
A good Incident Response Plan can play a significant role in industries like aviation, where emergency response and timely communication are crucial.
How much did it cost: The ransomware attack impacted and slowed down SpiceJet flight departures and breached the data of 1.2 million passengers.
Predictions for Ransomware and Future Trends in 2025
Ransomware is rapidly evolving and will continue to affect all industries in 2023 and beyond. In the future, you should keep the following statistics in mind:
- By 2027, 30% of organizations will have implemented Zero Trust Network Access (ZTNA) models. (Gartner)
- By 2027, 60% of organizations, including investors and venture capitalists, will consider cybersecurity risk when evaluating new business opportunities. (Gartner)
- By 2027, 30% of nations will have passed legislation governing ransomware payments and negotiations. (Gartner)
- As stricter cybersecurity measures become a top priority, 40% of boards of directors will have a cybersecurity committee by 2025. (Gartner)
- By 2027, 70% of CEOs plan to invest in a cyber-resilient organizational culture. (Gartner)
How to Protect Your Assets Against Ransomware
First, avoid downloading content from suspicious web pages, do not open email attachments from senders not on your emailing list, and do not click on any links in these emails. It would also be beneficial if you thoroughly understood how ransomware spreads. It is critical to know how ransomware spreads to keep it at bay.
In addition, keep your antivirus software up to date, and think about deploying a ransomware encryption protection solution.
As part of its outstanding integrated cybersecurity suite, Heimdal provides Ransomware Encryption Protection, which is universally compatible with any antivirus solution and 100% signature-free, ensuring superior detection and remediation of all types of ransomware.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
If you liked this article, make sure you follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.
Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.
