article featured image


The state of ransomware remains, more or less, unchanged; my choice of words would be unchallenged. For the past couple of years, we have witnessed a steady increase in ransomware attacks – a 13% YoY (Year-over-Year) increase, according to a Verizon Business study

The frequency has also increased (or decreased, depending on your point of view); a study by DataProt suggests that every 11 seconds, an organization gets hit by a ransomware attack. 

Certainly not the wow factor we were looking for, but do keep in mind that the staple for 2019 was 14 to 1 (i.e., every 14 seconds, an organization gets hit by a ransomware attack). So, this article is dedicated to the most (business) relevant ransomware statistics of 2022. 

So let’s kick it off with the key ransomware attack trends! 

Key Ransomware Attack Trends

Double-Extortion Ransomware

Historically, ransomware was primarily accomplished through single extortion, in which attackers encrypt an organization’s data and demand a ransom in exchange for a decryption key.

However, ransomware groups are now transferring victims’ data to an offsite location before encrypting it, then threatening to leak or publish the data if a ransom is not paid. This is called double-extortion ransomware. The combined threat of encryption and data exfiltration is a form of double extortion, and threat actors are increasingly relying on this attack method because it is more profitable.

Increased Ransom Demands

As new types of ransomware techniques approach, such as double extortion, attackers demand higher ransom payments than ever before. In the first half of 2021, the average ransom demand was $5.3 million, a 518% increase over the same period in 2020. Moreover, the average ransom payment has risen by 82% since 2020, reaching a staggering $570,000 in the first half of 2021 alone.Increase in Ransomware-as-a-Service.

RaaS is a pay-for-use malware that allows cybercriminals to purchase pre-developed ransomware tools to carry out large-scale ransomware attacks. RaaS is similar to an affiliate program in that the creators of the devices receive a percentage for each successful ransom payment.

RaaS will continue to fuel the threat landscape in 2023 because it allows cyber criminals with even basic technical skills to deploy a ransomware attack.

The Industrial Goods & Services Sector: The Main Ransomware Attack Target

While ransomware is still one of the most common attack methods across all industries, the industrial goods and services sector was the most targeted in 2021. The DarkSide ransomware attack against Colonial Pipeline in May 2021 was one of the most high-profile attacks in this sector.

Colonial Pipeline is one of the largest fuel pipeline operators in the United States, supplying roughly 45% of the East Coast’s fuel supply and transporting over 100 million gallons daily.

Due to the DarkSide attack, the company was forced to halt all pipeline operations and IT systems, resulting in a gas shortage across the East Coast. Colonial Pipeline eventually paid a $5 million ransom to decrypt the locked systems.

Critical infrastructure networks, such as Colonial Pipeline, are becoming more common targets for ransomware, mainly as RaaS schemes spread.

This is likely due to the nature of the industrial services industry, which provides goods and services critical to the economy and daily business flow. Therefore, interrupting this sector has a threatening effect and is more likely to result in attackers receiving a ransom payment.

Ransomware Statistics by Industry

No industry is immune to ransomware attacks; in 2021, 37% of all sectors experienced a ransomware attack. However, there is still some variation in which industries are more likely to be targeted.


  • In 2021, healthcare was the third most targeted industry for ransomware attacks. (Blackfog)
  • In 2020, ransomware attacks were responsible for nearly half of all data breaches in the healthcare industry. (Public Health and Human Services)
  • Since 2016, the healthcare industry has lost more than $157 million due to ransomware attacks. (HIPAA Journal)


  • In 2021, education was the second most targeted industry for ransomware attacks. (Blackfog)
  • In 2021, 44% of the education sector anticipated a ransomware attack. (EdScoop)
  • The 44% of the education sector that experienced a ransomware attack is higher than the global average of 37% across all industries. (EdScoop)
  • Between 2019 and 2020, the number of universities targeted by ransomware attacks increased by 100%. (BlueVoyant)
  • On average, a ransomware attack on the higher education industry costs USD 447,000. (BlueVoyant)
  • Since 2020, at least 1,681 universities and schools have been hit by 84 different ransomware attacks. (Emsisoft)
  • In three of the six months in the first half of 2021, the education sector saw more ransomware attempts than the government industry. (SonicWall)


  • In 2021, ransomware attacks on the government tripled from the previous year’s peak. (SonicWall) In June 2021, there were approximately ten times the average number of ransomware attack attempts on the government. (SonicWall)
  • In the last three years, there have been 246 separate ransomware attacks on US government agencies, costing nearly $52.88 billion. (CompariTech)
  • Only 38% of local and state government employees are adequately trained in ransomware prevention. (IBM)

Finance & Insurance

  • In 2020, 90% of all financial institutions experienced ransomware attacks. (Security at the Workplace)
  • In 2020, ransomware and phishing attempts in the banking sector increased by 64%. (Arctic Wolf)
  • Between March and June 2020, phishing and ransomware attacks on the banking sector increased by 520%. (Arctic Wolf)

Ransomware Statistics by Country

Ransomware attacks aren’t just getting worse; they’re getting worse worldwide. Last year, Europe saw a 234% increase in ransomware attacks, while North America saw a 180% increase.

The United States continues to experience more ransomware attacks than any other country; of the top ten countries with the highest volume of ransomware, the United States experienced four times as many episodes as the other nine countries combined.

  • In 2021, the United States had the most ransomware attacks. (Cybereason)
  • In 2021, ransomware attacks in the United Kingdom increased by 144%. (Help Net Security)
  • Over 68% of Indian organizations reported a ransomware attack the previous year. (Statista)
  • In 2021, the United States experienced 227,266,604 million ransomware attacks. (Cybereason)
  • In 2021, Europe experienced a staggering 234% increase in ransomware attacks. (Cybereason)
  • The volume of ransomware attacks in the United States increased by 185% in 2021. (Help Net Security)
  • The importance of ransomware attacks in the United States increased by 185% in 2021. (Blackfog)
  • According to a survey conducted between January and February 2022, 66% of organizations worldwide were victims of a ransomware attack. (Statista)
  • Austria had the highest rate, with over 80% of organizations reporting a ransomware attack the previous year. (Statista)
  • In South Africa, approximately half of the responding organizations had been victims of cybercrime. (Statista)

Top Five Biggest Ransomware Attacks in 2022

1. Costa Rica Government 

What happened: This was probably the most talked-of attack in 2022 as it was the first time a country declared a national emergency in response to a cyber-attack. In early April, the first ransomware attack on the nation affected the finance ministry, private import-export businesses, and government services.

The ransomware group Conti carried out the first attack, which demanded $10 million from the government. Later, the ransom was raised to $20 million.

A further attack linked to HIVE affected the Costa Rican social security fund on May 31. In addition, the attack directly affected the average Costa Rican individual as the healthcare system was taken offline.

How much did it cost: The ransom amount was $20 million.

2. Nvidia

What happened: A ransomware attack compromised the world’s largest semiconductor chip company in February 2022. The company confirmed that the threat actor leaked employee credentials and proprietary information online.

As a result of the attack, Lapsus$ claimed to have access to one terabyte of exfiltrated company data that it would leak online.

One terabyte of proprietary data, employee data, company information, source codes for Nvidia’s hash rate limiter, and access credentials were stolen.

How much did it cost: The ransom amount was $1 million plus a breach of confidential information such as source codes, access credentials, and servers.

3. Bernalillo County, New Mexico

What happened: A ransomware attack paralyzed several county departments and government offices in New Mexico on January 5, 2022, making it one of the first significant attacks in 2022. Despite that, county officials have said they have not paid ransom to the hackers.

In addition to the severe citizen distress that comes with any government department going offline, a jail was taken offline by this ransomware attack.

As the ransomware attack knocked out the security cameras and automatic doors in the Metropolitan Detention Center, inmates had to be confined to their cells. As a result of the failure of the electronic locking systems on inmate cell doors, the Center severely restricted inmate movement, potentially violating the terms of a 25-year-old settlement agreement.

Due to the malware attack, the county could not comply with the agreement and filed an emergency notice in federal court.

How much did it cost: Bernalillo County officials have stated that they did not pay the ransom demanded by their hackers. However, according to reports, the county had a $2 million cyber insurance policy to cover the costs of mitigation and recovery.

4. Toyota

What happened: Toyota suppliers were hacked between February and March 2022, showing that even the most secure organization can and will find a way into your organization.

This hack is said to have caused a whopping 5% dip in Toyota’s monthly production capacity after its supplier, Kojima Industries suffered a cyber-attack (not necessarily a ransomware attack).be compromised by a determined threat actor.

Two more Toyota suppliers, Denso and Bridgestone, were also victimized by ransomware attacks within 11 days of each other.

In addition, due to a ransomware attack, Bridgestone’s subsidiary’s computer networks and production facilities in Middle America and North America were shut down. Lockbit admitted to carrying out the attack.

How much did it cost: The exact ransom amount was not disclosed, but Toyota subsequently suspended operations at all 28 lines at 14 domestic Japanese plants.

5. SpiceJet

What happened: An attempted ransomware attack on India’s SpiceJet airline in May of 2022 caused flights to be delayed and people to be stranded at airports.

However, the incident exposed serious cybersecurity gaps in one of the world’s largest aviation markets, even though it was only an “attempted” ransomware attack.

Per news reports, SpiceJet passengers had to wait more than 6 hours for information about their flight departures, negatively affecting the airline’s brand reputation.

A good Incident Response Plan can play a significant role in industries like aviation, where emergency response and timely communication are crucial.

How much did it cost: The ransomware attack impacted and slowed down SpiceJet flight departures and breached the data of 1.2 million passengers.

2022 General Ransomware Statistics

And now, for the moment everybody’s been waiting for – the most relevant ransomware statistics and studies of 2022. So, without further ado, let’s get started.

  1. Phishing is the most popular distribution vector, followed by spearphishing, and human error. Source
  2. Ransomware creators can take up to $3 billion per year. Source
  3. Companies tend to spend at least $10 billion per year on security training. Source
  4. Roughly 8% of consumers will report ransomware-related cybercrimes to authorities and only 6.5% of them will actually pay the ransom. Source
  5. 67% of Canadian and German institutions report having the means to deal with ransomware attacks. In the US, only 37% of responders said that they possess the means to counter ransomware attacks. Source
  6. 14 US critical sectors have been subjected to intense ransomware attacks. Source
  7. FBI identified 2000+ ransomware attacks from January to July. Source
  8. It takes a company 22 days on average to recover after a ransomware attack. Source
  9. 20% of organizations and institutions have experienced ransomware attacks after switching to remote working. Source
  10. 65% of companies that paid the ransom got their data back. Source
  11. 1,211 ransomware variants are being created each day. Source
  12. It takes ransomware 43 minutes to encrypt 55GB of data. Source
  13. Data exfiltration occurs in 84% of ransomware attacks. Source
  14. Cobalt Strike Beacon was used in 32% of US ransomware attacks in Q1 2022. Source
  15. The most targeted global business sector was Telecom. It accounted for 53% of ransomware attacks. Source
  16. CMD was the most used ransomware tool, accounting for 14% of ransomware attacks95% of data breaches. Source
  17. 1 out of 40 organizations will be hit by ransomware. Source
  18. In Q2 2022, Education and Research is the most targeted sector – 53%. Source
  19. The average cost of a data breach due to ransomware attack is $4.3 million. Source

Predictions for Ransomware and Future Trends in 2023

Ransomware is rapidly evolving and will continue to affect all industries in 2023 and beyond. In the future, you should keep the following statistics in mind:

  • By 2024, 30% of organizations will have implemented Zero Trust Network Access (ZTNA) models. (Gartner) 
  • By 2025, 60% of organizations, including investors and venture capitalists, will consider cybersecurity risk when evaluating new business opportunities. (Gartner)
  • By 2025, 30% of nations will have passed legislation governing ransomware payments and negotiations. (Gartner) 
  • As stricter cybersecurity measures become a top priority, 40% of boards of directors will have a cybersecurity committee by 2025. (Gartner)
  • By 2025, 70% of CEOs plan to invest in a cyber-resilient organizational culture. (Gartner)
  • In 2023 and beyond, attackers are expected to use IoT devices more frequently to carry out ransomware attacks. (Security Boulevard via RSA Security)
  • Since 2016, annual revenue for the corporate web security industry has increased yearly, and it is expected to reach nearly $8 billion by 2025. (Statista)

How to Protect Your Assets Against Ransomware

First, avoid downloading content from suspicious web pages, do not open email attachments from senders not on your emailing list, and do not click on any links in these emails. It would also be beneficial if you thoroughly understood how ransomware spreads. It is critical to know how ransomware spreads to keep it at bay.

In addition, keep your antivirus software up to date, and think about deploying a ransomware encryption protection solution.

As part of its outstanding integrated cybersecurity suite, Heimdal provides Ransomware Encryption Protection, which is universally compatible with any antivirus solution and 100% signature-free, ensuring superior detection and remediation of all types of ransomware.

Heimdal Official Logo
Neutralize ransomware before it can hit.

Heimdal™ Ransomware Encryption Protection

Specifically engineered to counter the number one security risk to any business – ransomware.
  • Blocks any unauthorized encryption attempts;
  • Detects ransomware regardless of signature;
  • Universal compatibility with any cybersecurity solution;
  • Full audit trail with stunning graphics;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

If you liked this article, make sure you follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Gabriella Antal

SMM & Corporate Communications Officer

linkedin icon

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.

Leave a Reply

Your email address will not be published. Required fields are marked *