The state of ransomware remains, more or less, unchanged; my choice of words would be unchallenged. For the past couple of years, we have witnessed a steady increase in ransomware attacks – a 13% YoY (Year-over-Year) increase, according to a Verizon Business study

The frequency has also increased (or decreased, depending on your point of view); a study by DataProt suggests that every 11 seconds, an organization gets hit by a ransomware attack. 

Certainly not the wow factor we were looking for, but do keep in mind that the staple for 2019 was 14 to 1 (i.e., every 14 seconds, an organization gets hit by a ransomware attack). So, this article is dedicated to the most (business) relevant ransomware statistics of 2022. 

So let’s kick it off with the top five ransomware attacks in 2022!

Top 5 Biggest Ransomware Attacks in 2022

1. Costa Rica Government 

What happened: This was probably the most talked-of attack in 2022 as it was the first time a country declared a national emergency in response to a cyber-attack. In early April, the first ransomware attack on the nation affected the finance ministry, private import-export businesses, and government services.

The ransomware group Conti carried out the first attack, which demanded $10 million from the government. Later, the ransom was raised to $20 million.

A further attack linked to HIVE affected the Costa Rican social security fund on May 31. In addition, the attack directly affected the average Costa Rican individual as the healthcare system was taken offline.

How much did it cost: The ransom amount was $20 million.

2. Nvidia

What happened: A ransomware attack compromised the world’s largest semiconductor chip company in February 2022. The company confirmed that the threat actor leaked employee credentials and proprietary information online.

As a result of the attack, Lapsus$ claimed to have access to one terabyte of exfiltrated company data that it would leak online.

One terabyte of proprietary data, employee data, company information, source codes for Nvidia’s hash rate limiter, and access credentials were stolen.

How much did it cost: The ransom amount was $1 million plus a breach of confidential information such as source codes, access credentials, and servers.

3. Bernalillo County, New Mexico

What happened: A ransomware attack paralyzed several county departments and government offices in New Mexico on January 5, 2022, making it one of the first significant attacks in 2022. Despite that, county officials have said they have not paid ransom to the hackers.

In addition to the severe citizen distress that comes with any government department going offline, a jail was taken offline by this ransomware attack.

As the ransomware attack knocked out the security cameras and automatic doors in the Metropolitan Detention Center, inmates had to be confined to their cells. As a result of the failure of the electronic locking systems on inmate cell doors, the Center severely restricted inmate movement, potentially violating the terms of a 25-year-old settlement agreement.

Due to the malware attack, the county could not comply with the agreement and filed an emergency notice in federal court.

How much did it cost: Bernalillo County officials have stated that they did not pay the ransom demanded by their hackers. However, according to reports, the county had a $2 million cyber insurance policy to cover the costs of mitigation and recovery.

4. Toyota

What happened: Toyota suppliers were hacked between February and March 2022, showing that even the most secure organization can and will find a way into your organization.

This hack is said to have caused a whopping 5% dip in Toyota’s monthly production capacity after its supplier, Kojima Industries suffered a cyber-attack (not necessarily a ransomware attack).be compromised by a determined threat actor.

Two more Toyota suppliers, Denso and Bridgestone, were also victimized by ransomware attacks within 11 days of each other.

In addition, due to a ransomware attack, Bridgestone’s subsidiary’s computer networks and production facilities in Middle America and North America were shut down. Lockbit admitted to carrying out the attack.

How much did it cost: The exact ransom amount was not disclosed, but Toyota subsequently suspended operations at all 28 lines at 14 domestic Japanese plants.

5. SpiceJet

What happened: An attempted ransomware attack on India’s SpiceJet airline in May of 2022 caused flights to be delayed and people to be stranded at airports.

However, the incident exposed serious cybersecurity gaps in one of the world’s largest aviation markets, even though it was only an “attempted” ransomware attack.

Per news reports, SpiceJet passengers had to wait more than 6 hours for information about their flight departures, negatively affecting the airline’s brand reputation.

A good Incident Response Plan can play a significant role in industries like aviation, where emergency response and timely communication are crucial.

How much did it cost: The ransomware attack impacted and slowed down SpiceJet flight departures and breached the data of 1.2 million passengers.

2022 Ransomware Statistics

And now, for the moment everybody’s been waiting for – the most relevant ransomware statistics and studies of 2022. So, without further ado, let’s get started.

  1. Phishing is the most popular distribution vector, followed by spearphishing, and human error. Source
  2. Ransomware creators can take up to $3 billion per year. Source
  3. Companies tend to spend at least $10 billion per year on security training. Source
  4. Roughly 8% of consumers will report ransomware-related cybercrimes to authorities and only 6.5% of them will actually pay the ransom. Source
  5. 67% of Canadian and German institutions report having the means to deal with ransomware attacks. In the US, only 37% of responders said that they possess the means to counter ransomware attacks. Source
  6. 14 US critical sectors have been subjected to intense ransomware attacks. Source
  7. FBI identified 2000+ ransomware attacks from January to July. Source
  8. It takes a company 22 days on average to recover after a ransomware attack. Source
  9. 20% of organizations and institutions have experienced ransomware attacks after switching to remote working. Source
  10. 65% of companies that paid the ransom got their data back. Source
  11. 1,211 ransomware variants are being created each day. Source
  12. It takes ransomware 43 minutes to encrypt 55GB of data. Source
  13. Data exfiltration occurs in 84% of ransomware attacks. Source
  14. Cobalt Strike Beacon was used in 32% of US ransomware attacks in Q1 2022. Source
  15. The most targeted global business sector was Telecom. It accounted for 53% of ransomware attacks. Source
  16. CMD was the most used ransomware tool, accounting for 14% of ransomware attacks95% of data breaches. Source
  17. 1 out of 40 organizations will be hit by ransomware. Source
  18. In Q2 2022, Education and Research is the most targeted sector – 53%. Source
  19. The average cost of a data breach due to ransomware attack is $4.3 million. Source

Most Vulnerable Industries to Ransomware Attacks

most vulnerable industries to ransomware attacks

The source of this data is WSJ Pro Research.

As you can see, the following industries are the most vulnerable to ransomware attacks:

  • Construction: 74%.
  • Tech firms: 51%.
  • Energy, oil, and utilities: 43%.
  • IT: 33%.
  • Retail: 33%. 
  • Business and Professional Services: 33%.
  • Government: 18%. 

So the obvious question is, what factors make some industries more likely to pay a ransom than others?

For construction companies, a ransomware attack may mean plans are lost. Therefore, work on large contracts grinds to a halt, causing immediate deadlines and downstream projects in their portfolio to be missed.

In the technology industry, ransomware can compromise susceptible and competitive assets such as intellectual property, product plans, and customer information.

The stakes are even more significant when ransomware attacks cause power outages or prevent medical care. These and other industries have compelling reasons to pay.

But the reasons for not paying are just as numerous.

Here’s What Happens When You Pay the Ransom

We find that companies typically pay ransoms to prevent business disruptions and expedite data recovery, but these and other adverse outcomes tend to occur anyway:

  • Your data could still be corrupted. Unfortunately, ransomware operators rarely play fair. BleepingComputer reported that ProLock’s decryptor (you know, the one you pay for) was a Trojan horse gift and could corrupt files larger than 64MB. Half of the organizations paid a ransom and restored their data, while 46% found it corrupted.
  • Paying the ransom could violate federal laws. The Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department has a cyber-related sanctions program, and it’s illegal to do business with anyone on that list, including ransomware operators.
  • Your organization could be vulnerable to another attack. According to research, of those organizations that paid the ransom, 80% of them got attacked again in the following month, and 68% were attacked again within the same month. In the case of REvil, the hackers approached extorted victims shortly after payment and demanded more money, this time not to leak the exfiltrated data. Some did leak it, nonetheless.

How to Protect Your Assets Against Ransomware

First, avoid downloading content from suspicious web pages, do not open email attachments from senders not on your emailing list, and do not click on any links in these emails. It would also be beneficial if you thoroughly understood how ransomware spreads. It is critical to know how ransomware spreads to keep it at bay.

In addition, keep your antivirus software up to date, and think about deploying a ransomware encryption protection solution.

As part of its outstanding integrated cybersecurity suite, Heimdal provides Ransomware Encryption Protection, which is universally compatible with any antivirus solution and 100% signature-free, ensuring superior detection and remediation of all types of ransomware.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you liked this article, make sure you follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

What Is the Main Vector of Ransomware Attacks?

Major Companies Affected by Ransomware [2022-2023]

Ransomware Payouts in Review: Highest Payments, Trends & Stats

How Does Ransomware Spread? Here’s What You Need to Know

These Free Ransomware Decryption Tools Are Your Key to Freedom [Updated 2023]

Ransomware 101: What Is Targeted Ransomware and How Does It Work

Ransomware Explained. What It Is and How It Works

Leave a Reply

Your email address will not be published. Required fields are marked *