The state of ransomware remains, more or less, unchanged; my choice of words would be unchallenged. For the past couple of years, we have witnessed a steady increase in ransomware attacks – a 13% YoY (Year-over-Year) increase according to a Verizon Business study. The frequency has also increased (or decreased, depending on your point of view); a study by DataProt suggests that every 11 seconds an organization gets hit by a ransomware attack. Certainly not the wow factor we were looking for, but do keep in mind that the staple for 2019 was 14 to 1 (i.e., every 14 seconds an organization gets hit by a ransomware attack). As you probably guessed, this article is dedicated to the most (business) relevant ransomware statistics of 2022. Enjoy!

A nota bene before we kick this off. This article will be split into two sections – the first one will be a quick recap of the most important ransomware happenings in Q1, Q2, and Q3, while the second section will be dedicated to stats, studies, and, of course, recommendations. That being said, let’s see how 2022 went so far in terms of ransomware attacks.

Q1 in Ransomware

January 2022 Attacks

Delta Electronics

On the 18th of January, Delta Electronics, an important contractor for companies such as Tesla and Apple, suffered a ransomware attack. The investigation revealed that the attacker or attackers targeted non-critical systems. Though the details were a bit blurry, some sources stated that Delta Electronics might have been more severe than the company let on. Conti, the ransomware in question, managed to knock out and encrypt around 1,500 Delta servers and 15K endpoints. The attackers asked for $15 million in exchange for the decryption keys and even offered an ‘early-bird’ discount.


In early January, FinalSite got hit unknown ransomware. The SaaS, which provides CMS, hosting, and design services to various institutions including K-12 school districts, was assaulted by tons of support tickets from K-12 customers complaining about inaccessible web resources. According to the incident report, all websites hosted by FinalSite went offline due to “performance and technical-related issues”. In reality, the company was hit by a ransomware attack that prevented access to said resources.

QNAP Systems

In late January, Taiwanese company QNAP Systems made headlines after many of its NAS customers reported that they were no longer able to access their devices. The investigation revealed that the devices got encrypted by DeadBolt Ransomware. QNAP has yet to disclose how many NASs were affected during this attack. As for the ransoming part, the attackers demanded the Bitcoin equivalent of $1.1K in exchange for the decryption key.

February 2022 Attacks

Microsoft Exchange

Back in February, Mandiant discovered that a new and improved version of Cuba Ransomware was ransacking Microsoft Exchange servers. The malware used cutting-edge tools such as Cobalt Strike Beacon, NetSupport, BURNTCIGAR, WEDGECU, and the BUGHATCH custom downloader.


Around the same time, Mandiant was blowing the whistle on Cuba’s appetite for MS Exchange servers, another big fish was getting pummeled by ransomware. During an over-the-weekend ransomware raid, Mizuno Corporation lost phone lines and experienced order delays.


In early February, Puma experienced a data breach due to a ransomware attack. Nothing too spectacular, unless you factor in the fact that Kronos was, partly, responsible for Puma’s data breach. Back in 2021, Kronos got KOed by a ransomware attack and because, at that time, Puma and Kronos worked together, Puma got breached as well.

March 2022 Attacks


Back in March, Shutterfly spilled the beans about the data breach that occurred in December 2020. According to the company’s statement, during the Conti ransomware attack, multiple company-owned servers and endpoints got encrypted. The APT behind the attack also managed to steal sensitive data and files.


In late March, a threat group managed to infiltrate Samsung and leaked 190GB worth of data. The investigation revealed that the same group was behind the NVIDIA incident that occurred a week earlier.


Prior to the attack on Samsung, threat group Lapsu$$ breached NVIDIA and managed to steal 1TB worth of GPU specs and at least 20GB worth of documents.

Q2 in Ransomware

April 2022 Attacks

Nordex SE

After being hit by a ransomware attack in late March, European company Nordex SE decided to shut down all systems to limit the spreading of Conti ransomware.


Around the same Nordex was purging Conti from its systems, Ermenegildo Zegna Group found itself in the same predicament; forensics revealed that the luxury menswear brand and subsidiaries were attacked by RansomEXX APT. The attack completely disrupted the company’s systems.

May 2022 Attacks


Low-cost airline company SpiceJet got spiked back in May by ransomware that caused its systems to crash. As a result, most of the flights got canceled.

CPS (Chicago Public Schools)

Chicago Public Schools, the second largest US schooling district, announced back in May that the data of over 500,000 students had been leaked as a result of an undisclosed ransomware attack that took place in December 2021.

June 2022 Attacks

Flagstar Bank

In June, Flagstar Bank publicly announced that due to a ransomware attack that occurred in December, the data of 1.5 million customers got leaked.

Microsoft Exchange Encore

Cuba wasn’t the only ransomware used to target unpatched Microsoft Exchange servers.  Microsoft’s June research revealed that BlackCat has also been employed for the same purpose.

Q3 in Ransomware

July 2022 Attacks


Esteemed publishing house Macmillan got hit by a ransomware attack in early July. Although nothing was taken – or added – the attack forced Macmillan Publishing to take its systems offline for a couple of days.

Professional Finance Company Inc. (PFC)

During the same month, PFC went public about the ransomware attack and subsequent data breach. The latter affected at least 600 of its customers.

August 2022 Attacks


And because we simply cannot go by without talking about the elephant in the room, Cisco recently announced that its infrastructure was breached by the Yanluowang ransomware gang. The ensuing investigation revealed that nothing was taken nor leaked.

Creos Luxembourg S.A.

BlackCat also has a penchant for non-Microsoft-related assets. Back in July, it went after Creos Luxembourg. The company went public in early August. No data was leaked, but some of its online assets were taken offline for a couple of days, pending an internal investigation.

2022 Ransomware Statistics

And now, for the moment everybody’s been waiting for – the most relevant ransomware statistics and studies of 2022. So, without further ado, let’s get started.

  1. Phishing is the most popular distribution vector, followed by spearphishing, and human error. (Statista)
  2. Ransomware creators can rake up to $1 billion per year. (University of Surry)
  3. Companies tend to spend at least $10 billion per year on security training. (Kaspersky)
  4. Roughly 8% of consumers will report ransomware-related cybercrimes to authorities and only 6.5% of them will actually pay the ransom. (Stanford University)
  5. 67% of Canadian and German institutions report having the means to deal with ransomware attacks. In the US, only 37% of responders said that they possess the means to counter ransomware attacks. (Malwarebytes)
  6. 14 US critical sectors have been subjected to intense ransomware attacks. (Cybersecurity & Infrastructure Security Agency).
  7. FBI identified 2000+ ransomware attacks from January to July.
  8. It takes a company 22 days on average to recover after a ransomware attack.
  9. 20% of organizations and institutions have experienced ransomware attacks after switching to remote working.
  10. 65% of companies that paid the ransom got their data back (Sophos)
  11. 1,211 ransomware variants are being created each day. (SonicWall)
  12. It takes ransomware 43 minutes to encrypt 55GB of data. (Splunk)
  13. Data exfiltration occurs in 84% of ransomware attacks.
  14. Cobalt Strike Beacon was used in 32% of US ransomware attacks in Q1 2022 (Trellix)
  15. The most targeted global business sector was Telecom. It accounted for 53% of ransomware attacks. (Trellix)
  16. CMD was the most used ransomware tool, accounting for 14% of ransomware attacks (Trellix)
  17. 95% of data breaches can be traced back to human error. (World Economic Forum)
  18. 1 out of 40 organizations will be hit by ransomware. (CheckPoint)
  19. In Q2 2022, Education and Research is the most targeted sector – 53%. (CheckPoint)
  20. The average cost of a data breach due to ransomware attack is $4.3 million. (IBM)
Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

How to Protect Your Assets against Ransomware

On the defender’s side, extra precautions are mandated. For starters, avoid downloading content from suspicious web pages, don’t open email attachments from senders outside of your emailing list, and don’t follow any links that might be enclosed in these emails. On top of that, ensure that your AV’s up to date, and consider deploying a ransomware encryption protection solution. Heimdal’s Ransomware Encryption Protection solution that actively seeks malicious encryption attempts and stops them before they encrypt your files.

If you liked this article, make sure you follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

More and More Companies Are Getting Hit with Ransomware [2021-2022]

Ransomware Explained. What It Is and How It Works

Ransomware Payouts in Review. Highest Payments, Trends & Stats

Leave a Reply

Your email address will not be published. Required fields are marked *