Modern businesses are increasingly becoming dependent on digital systems to operate and thrive. This reliance, however, has also made them more vulnerable to cyberattacks, especially ransomware. In a ransomware attack, cybercriminals take control of a victim’s data, encrypting and rendering crucial files inaccessible. The cybercriminals then demand a ransom payment, usually in cryptocurrency, in exchange for the decryption key.
To better understand the evolving ransomware threat landscape, businesses should take note of the following statistics:
Ransomware attacks are on the rise, with a staggering 1.7 million attacks occurring every day, or about 19 attacks every second. During the first three quarters of 2023, there was an 83% year-on-year increase in ransomware victims.
In the first half of 2022, 10,666 new ransomware variants were introduced, double the number seen in the previous six months. Additionally, 10 new ransomware groups were also identified in the second quarter of 2023.
But ransomware attacks aren’t only increasing in number. Ransomware attacks are also becoming more sophisticated. Cybercriminals are increasingly leveraging Ransomware-as-a-Service (RaaS) platforms, which allow them to easily launch complex ransomware attacks without extensive technical expertise. In the first quarter of 2022, there were 31 RaaS groups worldwide, up from 19 groups in the same quarter of 2021.
Despite the alarming rise in ransomware attacks, 78% of organizations believe they are well prepared to prevent or mitigate an attack. However, the reality is starkly different, as half of organizations surveyed fell victim to ransomware in 2022. This disparity highlights a critical disconnect between perceived preparedness and actual vulnerability.
Try this ransomware simulator tool to test your network protection
Ransomware attacks are becoming more expensive. The average ransom payment in 2023 has skyrocketed to $1.54 million, nearly double the 2022 figure. Despite detecting ransomware incidents within hours, 71% of affected organizations have admitted to paying a portion of the demanded ransom. Paying the ransom, however, is an ineffective strategy, as 65% of respondents who paid the ransom couldn’t recover all their data after the attack. Moreover, 41% of organizations with cyber insurance did not receive the expected coverage or any amount at all due to exclusions in their policies.
Beyond ransom payments, ransomware attacks incur a multitude of additional costs, including those related to downtime, data recovery, and lost productivity. The overall cost of a ransomware attack amounts to an average of $1.85 million. This figure is expected to get higher, with experts predicting that ransomware will cost businesses around $265 billion annually by 2031, up from $325 million in 2015.
In 2022, the United States was the country most hit by ransomware attacks, with 217.5 million incidents. The United Kingdom followed with about a third of the attacks at 71 million, and Spain is a close third with approximately 53 million ransomware cases.
In the third quarter of 2023, the overall number of ransomware attacks targeting the US increased. However, the proportion of attacks directed against the US declined by 3.3%, indicating a shift toward other countries. The UK, in particular, experienced a surge in ransomware attacks, jumping from 59 victims in the second quarter to 83 victims in the third quarter, representing an approximate 40.7% quarter-over-quarter increase.
While no industry is immune to ransomware attacks, some are more susceptible than others. In 2023, the manufacturing industry was the top industry impacted by ransomware. Downtime due to ransomware leads to substantial losses for manufacturing companies, prompting them to pay higher ransoms, often exceeding $1 million. Meanwhile, the technology industries and retail and wholesale industries came in second and third as most impacted by ransomware.
As ransomware tactics become increasingly sophisticated, businesses must adapt their cybersecurity strategies to stay ahead of the curve. Investing in the right technologies, processes, and people is crucial to thwart potential attacks and safeguard valuable data assets.
The IT experts of Interplay can help your company build a robust cybersecurity posture that effectively defends against ransomware and other cyberthreats. Schedule a no-obligation evaluation of your network security today.