Select Page

2022 Ransomware Attack Trend Report: Key Findings

Ransomware attacks have surged in recent years, fueled by the lack of data protection, outdated IT systems, advanced attack methods, and the COVID-19 pandemic. Despite awareness of the growing threat, many companies still lack proper cybersecurity measures. This is a worrying trend, especially given the alarming state of ransomware in various industries.

To combat this issue, it is vital that organizations adopt strong cybersecurity practices, reduce their attack surface, and have backup and disaster recovery solutions in place, including air-gapped and immutable backups, to recover in the event of a ransomware attack.

This blog aims to provide a comprehensive overview of the state of cybersecurity by highlighting the ransomware statistics and trends for 2022.

The Impact of Data Breaches and Hacking: Insights and Statistics

Data breaches can have devastating consequences, exposing sensitive information and leading to identity and financial theft. In recent years, the number and sophistication of these attacks have increased, leaving organizations vulnerable to damage to their reputation, legal violations, and financial losses.

Here, we delve into a comprehensive analysis of data breach statistics and their underlying causes, exploring the effects of these attacks and the motivations behind them, with a focus on some of the most significant and historical data breaches.

Data Breach Statistics and the Cost of Ransomware Attacks

The number of ransomware attacks reached its highest point in the second quarter of 2021, with a staggering 188.9 million incidents reported. (Source: SonicWall)

Data Breach Statistics and the Cost of Ransomware Attacks

In 2022, the average cost of a data breach increased by 2.6% from the previous year, reaching $4.35 million. This represents a rise from 2021’s average cost of $4.24 million. (UpGuard)

Ransomware Attacks

  • The average cost of a ransomware breach was $4.54 Million. (UpGuard)
  • In 2021, the rate of successful ransomware encryption rose to 65%, a significant increase from the previous year’s rate of 54%. (Sophos)
  • The likelihood of a cybercrime entity facing prosecution in the United States is only 0.05%. (World Economic Forum)
  • During H1 2022, there were a staggering 236.1 million ransomware attempts recorded. (Statista)
  • In 2022, 19% of data breaches were facilitated by compromised credentials, making it the most prevalent attack vector. (UpGuard)
  • Personal data was exfiltrated in 45% of breaches. (Verizon)
  • The incidence of identity theft experienced a 42% surge in 2020 and has continued to rise. (Insurance Information Institute)
  • The complexity of supply chain attacks increased in 2022, leading to a rise in the average detection time by 26 days. 20% of data breaches were caused by a compromise of a third-party vendor. (UpGuard)
  • The frequency of security breaches has risen by 11% from 2018 till present day. (Accenture)
  • Small organizations with one to 250 employees have the highest rate of being targeted by malicious email. (Symantec)
  • Supply chain attacks increased to 100 percent in 2021. (Symantec)

Most Active Ransomware Groups in 2022

In the first half of 2022, the top 3 ransomware families were Cerber with 43 million instances, Ryouk with 34 million instances, and GrandCrab with 16 million instances. (SonicWall)

Most Active Ransomware Groups

The top 5 ransomware groups in 2021 were STOP (51%), REvil (34%), Cerber (4%), Conti (2%), and DarkSide (1%). (AntiViruseGuide)

Most Active Ransomware Groups

High-Profile Ransomware Incidents of 2022

In 2022, ransomware impacted over 70% of businesses, marking a significant increase from five years prior and the highest recorded figure to date. (Statista)

High-Profile Ransomware Incidents

Here are the most noteworthy data breaches in 2022:

  • In October 2022, American Airlines suffered a breach as a result of a phishing campaign in which an employee’s Microsoft 365 account was hacked, causing multiple flight delays. (P.O. Magazine)
  • In September 2022, the gameplay videos and source code for Grand Theft Auto 6, as well as Grand Theft Auto V and Grand Theft Auto VI, were leaked after a hacker breached Rockstar Games’ Slack server and Confluence wiki. (Esquire)
  • The second-largest collection of public schools in the United States, the Los Angeles Unified School District, was targeted by a ransomware attack that disrupted the district’s email system and other applications. (Data Breach Today)
  • North Face, an outdoor apparel brand, suffered a major cyberattack that compromised nearly 200,000 customer accounts, including their full names, purchase histories, billing and shipping addresses. (Tech Radar)
  • “MyDeal,” the Australian retail marketplace, was hacked through the use of compromised user credentials, affecting 2.2 million customers. (Heimdal Security)
  • The DDoS group, KillNet, attacked government websites in Colorado, Kentucky, and Mississippi. (Info Security Magazine)
  • Hackers stole 2 million Binance Coins (BNB), worth $566 million, from Binance Bridge. (Coin Desk)
  • The REvil variant Darkside attacked the Toshiba Tec Group and exfiltrated 740 gigabytes of data, including information on management, new businesses, and personal data. (Security Week)
  • In January 2022, RansomHouse exfiltrated over 450 GB of data from Advanced Micro Devices (AMD). (TechCrunch)
  • Shoprite Holdings, Africa’s largest supermarket chain, was impacted by a ransomware attack that resulted in the exfiltration of 600GB of data. (Bleeping Computer)
  • Professional Finance Company Inc. (P.F.C.), which facilitates thousands of healthcare, government, and utility organizations across the U.S., experienced a data breach that impacted over 600 healthcare organizations in a supply chain attack. (Secure Reading)
  • The Okta phishing campaign compromised over 130 organizations, targeting various industries including cryptocurrency, technology, finance, and recruiting. (Bleeping Computer)
  • The Instituto Agrario Dominicano (IAD) was hit by a Quantum ransomware attack, which encrypted multiple services and servers throughout the government agency. The attackers demanded a ransom of over 600 thousand dollars and threatened to leak sensitive data. (Cyber Intel Mag)
  • The Yanluowang Ransomware Gang hacked Cisco and stole 2.75GB of data, including non-disclosure agreements, data dumps, and engineering drawings. (Bleeping Computer)
  • A group of hackers jointly attacked the cross-chain crypto bridge Nomad and stole nearly 200 million dollars in digital assets. (Data Breach Today)
  • The personal information of 700 million LinkedIn members was exposed in a 2021 data breach, accounting for approximately 93% of all LinkedIn members. (RestorePrivacy)
  • In March 2021, nearly 30,000 US organizations, including top-tier enterprise businesses and government agencies, were affected by an attack on Microsoft. (Microsoft)
  • In April 2021, a vulnerability that was two years old exposed the personally identifiable information of over 533 million users. (Auth0)
  • In 2021, the Colonial Pipeline Company was hit by a ransomware attack that resulted in the disruption of its operations and caused fuel shortages, sparking mass panic among the public. (Bloomberg)
  • JBS meat processing company was targeted by ransomware and was forced to shut down its meat processing plants on four continents. (Wall Street Journal)
  • The personal information of 48 million people was exposed in the 2021 T-Mobile data breach. (T-Mobile)
  • The Neiman Marcus data breach in 2021 exposed the payment information of almost 4.6 million luxury item shoppers. (Neiman Marcus)
  • The personal data of 100 million users was exposed due to a data leak caused by misconfigured cloud services. (Check Point)
  • In 2021, Panasonic became a victim of a cyberattack that compromised the information of its partners, job candidates, and interns. (Tech Crunch)
  • The trading app Robinhood was a victim of social engineering, which resulted in the compromise of the personal data of nearly 4 million users. (Robinhood)
  • The 2020 Twitter breach resulted in the compromise of 130 high-profile accounts, including those of Elon Musk and the U.S. President. The attackers demanded $121,000 in Bitcoin. (CNBC)
  • In 2020, cyber attackers used social engineering tactics to replicate the voice of a U.A.E. company director and initiate a $35 million bank transfer. (Forbes)
  • The systems of the Marriott hotel were breached in 2020, resulting in the compromise of 5.2 million hotel guests. (Marriott).
  • The M.G.M. breach in 2019 resulted in the compromise of personally identifiable information of almost 142 million hotel guests. (P.O. Magazine)
  • In 2018, the My Fitness Pal app was hacked, affecting 150 million users. (Under Armour)
  • In 2017, the Equifax breach exposed data of 147.9 million consumers and a $4 billion loss in total. (Equifax)
  • In 2017, Friendfinder was breached, resulting in the theft of data from 412 million user accounts. (Wall Street Journal
  • In 2017, almost 150 countries were affected by the WannaCry virus, which compromised 400,000 servers and resulted in a loss of nearly $4 billion. (Technology Inquirer)
  • In 2013, Yahoo experienced the largest breach to date, compromising the data of three billion Yahoo accounts. (NPR)

Ransomware and Malware Attack Statistics

Cyber threats are becoming increasingly diverse and malicious actors are continually adapting their tactics. Nevertheless, the most frequent attacks on businesses are phishing, social engineering, whaling, DDoS, malware, and ransomware. A clear understanding of these threats, their severity, and impacts is crucial.

Here’s a list of statistics that highlights the prevalence, intensity, and impact of ransomware:

  • The average cost of a ransomware payment rose by 518% in 2021, totaling $570,000. (R.C. World Forums)
  • The incidence of malware attacks has increased by 358% since 2020. (Help Net Security)
  • Approximately 26% of all internet traffic is generated by malicious bots. (Imperva)
  • The majority of all attacks target office documents, with a 112% increase in attacks on Microsoft documents. (Help Net Security)
  • 94% of malware attacks were initiated through email. (Verizon)
  • The average cost of a ransomware attack is $2 million. (Sophos)
  • On average, only 8% of businesses successfully recover all their data after paying a ransom. (Sophos)
  • Almost half of all harmful emails contained attachments in Microsoft Office format. (Symantec)
  • Every 11 seconds, a company becomes a target of a ransomware attack. (Cybersecurity Ventures)

Ransomware Attack Vector Trends and Insights

Ransomware Attack Vector Trends and Insights

  • The primary means of delivering ransomware to systems are through external remote services (67%), zero-day exploits (20%), and phishing attacks (13%). (AntiViruseGuide)
  • Desktop-sharing software was utilized in 40% of ransomware incidents, while email played a role in 35% of these occurrences. (Verizon)
  • 57% of organizations experience daily or weekly phishing attacks. (GreatHorn)
  • Spear-phishing is the most common infection vector in 65% of all attacks. (Symantec)
  • Phishing attacks are seen in more than 80% of all attacks. (S.O. Online)
  • An estimated $17,700 is lost every minute due to phishing attacks. (S.O. Online)

Distributed Denial-of-Service (DDoS), and Cyber Attacks on Internet of Things (IoT)

  • The number of IoT-related hacking attacks rose by 54% in 2019. (Webinarcare)
  • 61% of organizations have experienced an incident caused by insecure IoT devices. (Webinarcare)
  • IoT attacks almost doubled, and 1.51 billion IoT breaches were recorded in the first half of the year using remote access protocols like Telnet, SSH and SSI. (Kaspersky)
  • Attacks on Internet of Things devices tripled in 2019. (S.O. Online)
  • Mirai-distributed DDoS attacks were the third most common threat to Internet of Things (IoT) devices in 2018. (Symantec)
  • 30% of data breaches were successful because internal actors inappropriately accessed sensitive information. (Verizon)
  • On average, 5,200 attacks are launched against Internet of Things (IoT) devices every month. (Symantec)
  • Remote Code Execution (RCE) was found to be associated with crypto mining 90 percent of the time. (Purplesec)

Cybersecurity Compliance and Cyber-Insurance Statistics

Data privacy and protection is a priority topic in legislation across different regions. Strict measures are being enforced in these legislations, including setting proper file permission, maintaining access controls, managing stale data and implementing backup and disaster recovery (D.R.) systems to protect sensitive data. This helps to maintain compliance with European GDPR, HIPAA and others.

  • 78% of enterprise businesses expect their spending to increase in order to comply with regulatory compliance requirements. (Thomson Reuters)
  • Large enterprise firms face an expensive barrier to compliance: The cost of compliance can be as much as $10,000 per employee. (Competitive Enterprise Institute)
  • In 2018, businesses spent an average of $1.3 million on compliance requirements. (IAAP)
  • The average employee has access to 11 million files, and 17% of all sensitive files. (Varonis)
  • More than 77% of organizations surveyed say they do not have a disaster recovery plan. (Cabinet)

Most companies, 94%, are unable to get cyber insurance coverage in 2021 due to the high number of ransomware attacks. However, 83% of respondents said their organization has cyber insurance with ransomware protection. (Sophos)

  • Nearly two-thirds of respondents (64%) say that there are ridiculously higher cybersecurity requirements for getting coverage. (Sophos)
  • The majority of respondents (47%) believe that their policies are getting more complicated. (Sophos)
  • Cyber insurance is rare among companies, with only 40% offering it to clients. (Sophos)
  • 37% of respondents complained that security spending process took longer than necessary. (Sophos)
  • 34% reported that cyber insurance cost more than they could afford. (Sophos)
  • 89% of the energy, oil/gas, and utility sectors have coverage. (Sophos)
  • Secondary education had the highest payment rate (53%) while manufacturing and production had the lowest (30%). (Sophos)

Security Spending and Cost Statistics

Security Spending and Cost Statistics

The rise in ransomware attacks with more advanced tactics has led to a surge in damage and recovery costs. This has prompted businesses to prioritize investing in cybersecurity with backup and disaster recovery to avoid crippling costs. Here are some key statistics:

  • Between 2015-2021, global ransomware costs rose from $325 million to $20 billion. (AntiViruseGuide)
  • In 2021, 66% of organizations suffered from ransomware attacks, a 78% rise from 2020’s 37%. (Sophos)
  • 90% of ransomware victims in 2021 had significant operational disruptions. (Sophos)
  • The average cost of recovering from a ransomware attack was $1.4 million in 2021, down from $1.85 million in 2020. (Sophos)
  • The number of victims paying $1 million in ransom tripled to 11% in 2021. (Sophos)
  • The global ransom average was $200,000 in H1 2022, up from 2020’s average of $169K. (Coveware)

Security Spending and Cost Statistics

  • The manufacturing sector had the highest ransom average of $2.04 million in 2021. (Sophos)
  • The average cost of a cyber-attack is $2.6 million. (Accenture)
  • The annual security spending per employee rose $354 in 2020. (Deloitte)
  • Information loss is the most expensive loss in a cyberattack, averaging $5.9 million. (Accenture)
  • 69% of organizations plan to increase cybersecurity spending in 2022. Infosec security
  • 50% of cybersecurity budgets are for security services. (Gartner)

GDPR and Cybersecurity Statistics

  • Spain has imposed three times more GDPR penalties in 2021 compared to other countries. (Lexology)
  • In 2021, the total GDPR fines reached nearly $1.2 billion. (CNBC)
  • Companies spent around $9 billion on GDPR compliance, according to Forbes. (Forbes)
  • GDPR fines reached $63 million in 2018, the first year of enforcement. (eu)
  • Google was fined $57 billion by CNIL for GDPR violations. (TechCrunch)
  • Only 59 companies were GDPR compliant by 2019. (ZDNet)
  • 70% of companies think their data systems won’t keep up with future GDPR changes. (DataGrail)

Cybersecurity Statistics by Industry

Cybersecurity Statistics by Industry

86% of private sector companies reported significant revenue and business losses from ransomware in 2021. (Sophos)

Here are cybersecurity statistics for different industries:

Ransomware Attacks and Breaches in Healthcare Industry

The cost of a data breach in 2022 was the highest in healthcare, at an average of $10.10 million, a 9.4% increase from 2021. (UpGuard)

  • 93% of healthcare organizations suffered from data breaches from 2017 to 2020. (Herjavec Group)
  • Healthcare data breaches increased by 11% from 2020 to 2021. (HIPAA Journal)
  • The number of HIPAA penalties increased in 2022, with 17 penalties announced by Office for Civil Rights (OCR). (HIPAA Journal)
  • It’s estimated that $21 billion was lost to ransomware attacks in 2020. (Comparitech)
  • WannaCry ransomware caused over $100 million in losses to the U.K.’s National Health Service (NHS). (Datto)

Ransomware Threat in Finance: What the Numbers Show

Value of Ransom Paid in Cryptocurrency

  • The value of cryptocurrency ransoms increased by over 70,000% from 2013 to 2020. (World Economic Forum)
  • Financial services have the largest number of exposed sensitive files accessible to everyone. (Varonis)
  • Large organizations’ employees have access to 20 million highly sensitive files, with one employee accessing 11 million daily. (Varonis)
  • Financial businesses take 233 days to detect and contain a data breach. (Varonis)
  • 10% of all attacks were financial breaches. (Verizon)
  • In 2013, the financial sector incurred the highest cost of cybercrime among all industries. (Accenture)

Ransomware Attacks on Government Sector – By the Numbers

Ransomware Attacks on Government Sector - By the Numbers

  • The government sector accounted for 11% of ransomware attacks in 2021. (Microsoft)
  • The U.S. government’s annual cyber security budget in 2022 was $9,387 million for C.F.O. Act agencies and $454 million for non-C.F.O. Act agencies. (Statista)
  • Total cyber security spending for CFO civilian agencies, excluding the Department of Defense, was $9.3 billion. (Statista)
  • 79% of nation-state attackers target government agencies, non-government organizations (N.G.O.s), and think tanks, with 58% of nation-state cyberattacks originating from Russia. (Microsoft)

Ransomware Attack Forecast: What’s in Store?

Cyber-attacks have caused massive disruptions and financial losses in recent years. The growing demand for cloud operations and convergence of IT and IoT has led to a heightened need for investment in cybersecurity infrastructure. As a result, cybersecurity is becoming increasingly crucial.

These trends are likely to persist into 2022 and beyond.

Ransomware Attack Forecast

  • By 2024, the cost of ransomware is projected to reach over $42 billion, rising to over $265 billion by 2031 (Cybersecurity Ventures)
  • The number of ransomware attacks is projected to surge 700% by 2025. (Gartner)
  • 75% of organizations will face multiple ransomware incidents by 2025. (Gartner)
  • By 2025, 30% of countries are expected to enact regulations for payments, fines, and negotiations with ransomware groups (Gartner). Currently, less than 1% of states regulate this. (Gartner)
  • As more users and businesses join the internet, cybercrime will continue to expand and target new victims.
  • Data privacy and protection regulations will become stricter due to the increase in ransomware attacks and their sophistication.
  • Social media organizations will have to enforce stricter oversight on information flow and sharing.
  • The threat landscape will continue to evolve, and the cybersecurity gap will remain a challenge.
  • Sensitive data remains vulnerable to data exfiltration.
  • As more IoT devices enter networks, the overall attack surface will increase.

Prepare for Ransomware with Backup and Disaster Recovery (DR)

Regardless of the current state of ransomware and other cybersecurity threats, it is crucial for all organizations to prioritize all aspects of their cybersecurity, particularly backup and disaster recovery.

  • StoneFly DR365V: Your all-in-one Veeam-ready backup and disaster recovery solution with air-gapped backups, immutability, and fast recovery options via direct VM spin up. Protect against ransomware attacks with ease.
  • StoneFly DR365VIVA: Add this purpose-built air-gapped and immutable node to your existing backup and DR system for unbeatable ransomware protection.
  • StoneFly Cloud Backup: Safeguard your critical data with air-gapped and immutable backups, replication, archiving, and quick recovery options. Enjoy peace of mind against ransomware attacks using 3-2-1-1-0 backup strategy.

Ready to protect your critical data from ransomware attacks and ensure quick recovery? Contact us today to learn how StoneFly’s backup and DR solutions, including air-gapped backups and immutability, can provide unbeatable protection and peace of mind. Let’s start a conversation and find the best solution for your organization’s needs.

Conti Ransomware: In-Depth Technical Breakdown

Conti Ransomware: In-Depth Technical Breakdown

Conti ransomware has earned notoriety, notably for its involvement in the Costa Rican government hack. Operating as a ransomware-as-a-service (RaaS) group, Conti specializes in infiltrating networks, encrypting crucial data, and extorting exorbitant sums of money. In...

Supply Chain Attack: The Achilles’ Heel of Enterprise Security

Supply Chain Attack: The Achilles’ Heel of Enterprise Security

Supply chain attacks have emerged as a formidable threat vector in the landscape of cybercrime, posing significant risks to enterprises of all sizes and industries. Among the various tactics employed by threat actors, ransomware attacks leveraging supply chain...

How to Set Up S3 Object Storage for Veeam Data Platform

How to Set Up S3 Object Storage for Veeam Data Platform

Veeam v12 introduced Direct-to-Object storage, enabling S3 object storage as the primary backup repository. Prior to this, S3 object storage integration relied on Veeam's Scale-Out Backup Repository (SOBR), using a performance tier and a capacity tier, which extended...

Watering Hole Attacks Unveiled: A Comprehensive Cyberthreat Overview

Watering Hole Attacks Unveiled: A Comprehensive Cyberthreat Overview

Watering hole attacks, akin to their namesake in the natural world where predators strategically position themselves near watering holes to intercept prey, have become a significant peril in the digital realm. In the vast landscape of cybersecurity, understanding the...

Man-in-the-Middle Attack: Cyberthreat Amidst Data Streams

Man-in-the-Middle Attack: Cyberthreat Amidst Data Streams

In the fast-paced arena of enterprise-level digital operations, the looming threat of cyber vulnerabilities demands our undivided attention. Among these threats, the Man-in-the-Middle (MitM) attack emerges as a silent, yet formidable, adversary capable of infiltrating...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email