How Many Ransomware Attacks in 2024?

Reading time: 17 min read
Maxym Chekalov
Written by
Maxym Chekalov

Updated · Jan 29, 2024

Maxym Chekalov
SEO Specialist | Joined June 2023 | LinkedIn
Maxym Chekalov

With a master's degree in telecommunications and over 15 years of working experience in telecommunic... | See full bio

Girlie Defensor
Edited by
Girlie Defensor


Girlie Defensor
Joined June 2023
Girlie Defensor

Girlie is an accomplished writer with an interest in technology and literature. With years of experi... | See full bio

Techjury is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more.

Ransoms are no longer just for kidnappers to collect. Now, this old trick has proven that even data can be held as prisoner. As of June 2023,, a crowdsourced ransomware payment tracker, estimates more than $280 million in payouts.

Ransomware is a type of malware that denies people access and businesses to their computer files. While certainly devastating for individuals, ransomware can be debilitating for companies and governments because hackers can expose sensitive information such as:

  • business secrets
  • confidential information
  • consumers’ personal data

In 2020, there were 304.6 million detected ransomware attacks worldwide. The next year, that number more than doubled to 623.3 million in 2021. 

No one wants to pay outrageous amounts to get their data back. Continue reading to learn more about ransomware and how to avoid becoming a victim.

Editor's Choice 

  • Ransomware has been around since 2017, with a total of 183.6 million incidents that year.
  • The most recurring entry point for ransomware attacks is phishing
  • A ransomware attack is valued at $4.54 million on average. 
  • The highest average ransom payments were in the manufacturing industry, amounting to $2.04 million
  • In 2022, one in 42 healthcare organizations was attacked.
  • Healthcare will most likely settle the ransom demands, ranking first with 61% of organizations paying the ransom to get encrypted data back.
  • Only 2% of higher education institutions retrieved their data after ransom payments.

Some popular examples:

  • Colonial Pipeline reported a ransomware attack, halting operations and specific I.T. systems.
  • After stealing 150 GB of data, DarkSide demanded $7.5 million in Bitcoin from Brenntag.
  • Vice Society stole 500 gigabytes from LAUSD's networks over Labor Day weekend.

How Many Ransomware Attacks Are There? 

Despite advances in cybersecurity, there were 493.33 million ransomware attacks detected all over the world.

Traditional methods and outmoded practices are no longer enough for data protection. A proven lucrative gig, cyberattacks drained the world of $6 trillion in 2022. That number is only expected to increase in the coming years.

Ransomware-related cyber attacks have been seeping through organizations' databases since 2020, doubling in 2021. As a result, businesses have taken tremendous measures to prevent ransomware attacks and preserve their data, but that doesn’t mean they are entirely safe.

Let’s delve further into the operation of ransomware and how much it’s grown since it first entered data systems.

Ransomware Attack Statistics

Ransomware is a common yet costly occurrence. There are around 1.7 million ransomware attacks daily, and costs are expected to increase by $265 million by 2031. 

Hackers can use ransomware to compromise organizational systems. As a tool for moneymaking mischief, hackers sneak malware into systems to increase their data breach capacity. 

Here are the most intriguing ransomware attack statistics from recent years: 

1. Ransomware has been around since 2017, with a total of 183.6 million incidents that year. 

(Statista, The Associated Press)

The increase in ransomware started in 2017 and climbed to servers quickly. In just a few years, there were already 623.25 million ransomware attacks in 2021.

An infographic reporting that 623 million ransomware attacks were recorded in 2021.

This is primarily due to problems adapting networks and supply chains for hybrid and remote work.

2. The volume of ransomware incidents will decrease by 23% in 2022. 


With the imminent danger of ransomware lurking around the corner, more companies and government organizations are taking extreme measures to increase government protection and general awareness of their data. The decrease in ransomware in 2022 indicates that precaution is taking effect.

3. 74% of construction companies surveyed say they'll pay for the ransomware.


74% of construction companies stated that their organization would pay in the event of an attack, while 51% from the tech sector and 43% from the utility or energy section.

A photograph outlining the top three industries willing to pay for ransomware.

For a construction company, being a victim of a ransomware attack entails several problems, such as: 

  • losing essential plans
  • halting the progress of large contracts
  • setting the company's reputation in danger

These issues may push the organization to settle the ransom demands. 

4. Email was the first point of contact for 69% of ransomware victims.


Phishing aims to trick the victim into sharing private information, such as passwords and card details. Almost 30% of phishing emails are opened, which increases the chances of downloading from suspicious links containing ransomware or malware. 

Since phishing emails are easy to send and garner faster responses, it is one of the top entry points for ransomware attacks.

Helpful article: Passwords are key to your online transactions. From social media to online banking, a leaked password can wipe out your online identity and finances in just a click. Check out some of our articles for more:

5. In 2020, 15 ransomware families used double extortion to maximize profits. 


Double extortion occurs when a ransomware attacker gains access to a victim's private network and discovers high-value data and assets to store on their storage network. The attacker will encrypt the data and demand a ransomware payment. 

If left unpaid, the criminal will sell the stolen assets and data or publish it for public consumption. This technique caused 1,200 incidents in 2020, resulting in numerous high-visibility data breaches.

Cost of Ransomware Statistics

4.1 billion records were compromised in data breaches in 2019, and it is one of cybercrime’s most lucrative tools.

The cost of ransomware attacks usually puts companies in a position where they will think about paying due to the value of data. Even if the organization decides to pay, recovery periods of ransomware attacks still entail.

Recovering from a ransomware attack also means spending more money to ensure the data's safe and the company won't be vulnerable to attacks again. 

With 4000 ransomware attacks happening daily, it’s almost impossible to keep count of those unfortunate enough to be victims. Let's check out these stats to see how devastating ransomware can be!

6. Data breaches cost an average of $4.35 million. 


In general, data breaches have become more expensive. Breach response costs grew by 13% over the past two years. The COVID-19 pandemic caused most organizations to adopt remote working in 2020–2021. 

7. The average value of a ransomware attack is $4.54 million. 


Companies need to shell out around $4 million to cover all the expenses incurred from a ransomware attack. This doesn't include the ransom payment, which can amount to around $800,000. 

An infographic showing that $4.54 million is the average ransom for a ransomware attack.

8. The highest ransom payments were in the manufacturing industry, amounting to $2.04 million. 

(Cybersecurity Dive)

Apart from the manufacturing industry, ransomware attackers target energy and utilities at $2.03 million. The lowest ransom payments were in the healthcare industry, valued at $197,000, and state governments at $214,000. 

9. Companies must account for the downtime of 22 days after ransomware attacks. 


Experiencing a cyberattack doesn't end with the ransom. Most companies spend 50 times the cost of the ransom payment to account for the downtime. Recovery costs, like lost productivity and hiring contractors to rush recovery processes, add up quickly. 

10. New York's Erie County Medical Center experienced a ransomware attack in which the attackers demanded $30,000. 


The organization didn't pay the ransom yet and still incurred expenses of $10 million. After all, crimes don’t necessarily end after a ransom is given. Companies have to spend money on new hardware and software, staff pay, and third-party cybersecurity consultants.

Safeguarding their businesses doesn’t come cheap either, and global estimates predict that the cybersecurity market surpass $300 billion by 2024.


Apart from that, these attacks expose the weaknesses in a company's security systems. With this, the company will need to invest in expensive cybersecurity ventures to prevent a data breach from happening again. 

Healthcare Ransomware Statistics

Ransomware attackers always target industries with urgent needs, one of which is healthcare. Millions of lives are in danger when the data is compromised and inaccessible; this makes healthcare organizations more likely to pay a ransom as its a matter of life and death.

How important is data to healthcare companies? These statistics will tell you all about it: 

11. One in 42 healthcare organizations was the target of an attack in 2022, making them one of the most targeted industries.


Healthcare companies have sensitive data, such as financial information, medical records, and other personal data. These kinds of information make healthcare databases goldmines for identity theft, which makes people more vulnerable to fraud scams.


Healthcare providers are also more likely to pay the attackers' demands because they need that encrypted information to treat people.

12. From 2016 to 2021, the annual count of ransomware attacks doubled from 43 to 91. 

(Healthcare I.T. News)

While this number is alarming, researchers are also unsure about how accurate this statistic is as not all companies report ransomware attacks due to HIPAA; healthcare providers need not report incidents that show the low probability that patient information has been exposed. 

13. Healthcare will most likely settle the demands, with 61% of organizations paying ransom to regain encrypted data. 

(Sophos News)

Since many lives are put in danger because of ransomware attacks, most healthcare organizations don't think twice about paying the ransom demands of the attackers. This makes attackers more inclined to target this industry.

An infographic showing that 61% of the healthcare industry will pay ransoms during an attack.

Because healthcare systems need life-saving equipment and reliable hospital operations, attackers can demand quick and high ransoms. 

14. 54% of all analyzed ransomware attacks were reported to HHS outside HIPAA's required 60-day reporting window. 

(Health I.T. Security)

Even with a reporting window of 60 days, not all healthcare organizations can fulfill the ransomware report within the time frame. While this may make other statistics inaccurate, it's important to note that these healthcare companies still make the report to try and lessen the attacks in the future.

15. Only 4-7% of the health system's IT budget is invested in cybersecurity. 

(Astra Security)

While ransom payments for healthcare organizations may be lower than the average, it doesn't mean they shouldn't invest in cybersecurity. 


A data breach could entail many issues, such as lost productivity among doctors and clinicians, added expenses to transport patients to other medical institutions, and readjusting standard practices during downtime to keep treating patients.

16. 61% of data breaches that involve an insider are unintentional and caused by negligent insiders. 

(Healthcare Innovation)

In recent years, insider threats have grown significantly. From helping land new jobs or stealing and exposing confidential data out of spite, insider threats can cause immense harm to an organization. Some even resort to extortion for profit. 

However, sometimes all it takes is a negligent employee to spiral into a full-blown ransomware attack. Insider threats in an organization may be careless workers, inside agents, disgruntled employees, and third parties.

However, it’s reported that most of the threats were careless workers unaware of security policies and could not attend security awareness training.

17. Healthcare organizations that paid the ransom got back only 65% of their data in 2021, down from 69% in 2020. 

(Sophos News)

Most healthcare organizations settle the ransom payment to retrieve their data quickly. However, it only sometimes works in their favor. Fewer data is recovered even after paying the ransom. Only 2% of those that settled in 2021 got 100% of their data back, down from 8% in the previous year. 

Ransomware Cases Examples

Cyber attackers target companies with deep pockets. Organizations and companies holding valuable data will be more than willing to settle the ransom payment to regain access to their data. 

What are some notable cases of ransomware attacks? Learn more below.  

18. Sodinokibi (REvil) was behind the ransomware to Travelex, demanding $6 million.


Travelex was attacked by Sodinokibi (REvil), a private Russian ransomware-as-a-service (RaaS) operation, in January 2020. The ransomware attack led the attackers to acquire 5 G.B. of sensitive client data, including birth dates and credit card information. 


Sodinokibi told Travelex that if the ransom were paid, they would delete the data they had. If unpaid, the ransom will double every other day. This forced the forex company to pay $2.3 million in Bitcoin and was able to restore their systems after 14 days.

19. DarkSide demanded a $4 million ransom from Colonial Pipeline.


DarkSide infiltrated Colonial Pipeline's network, which provides 45% of the East Coast's fuel, and demanded $4 million as a ransom. The company decided to pay the ransom when the demands were made. As a result, the company shut down for six days.

In the meantime, several local government officials declared states of emergency. They assured the public they did not need to hoard gas. However, panic buying still occurred in 11 states.

20. After stealing 150 GB of data, DarkSide demanded $7.5 million in Bitcoin from Brenntag. 

(Touro College Illinois)

After successfully attacking Colonial Pipeline, DarkSide targeted Brenntag, a chemical distribution company. Brenntag was forced to settle the ransom. Despite the amount, it's still recorded as one of the highest ransomware payments in history.

21. Lapsus$ claimed responsibility for the attack against Nvidia in 2022 and demanded a $1 million ransom.


Lapsus$ has a history of using ransomware to attack other big tech companies like Samsung, Impresa, T-Mobile, and Microsoft. They attacked Nvidia, the largest semiconductor chip company.


Nvidia confirmed that a threat actor leaked employee information and proprietary details online. 

22. CHI Health was hit by a ransomware attack that compromised patient data and affected their daily operations. 


The hospital chain experienced a ransomware attack that compromised patient information. Fortunately, CHI Health acted quickly and secured its infrastructure to ensure continuity of care for patients. 

Employees and nurses shared that they've been forced to do everything manually, including charting patient data, which takes them longer than usual. Edward Porter, who has diabetes, could not reorder sensors for his glucose monitor as the CHI Health System was offline. 

23. Curo Fund Services could not access I.T. systems for five days after a ransomware attack. 

(Black Fog)

The investment organization investigated the attack's origin, scope, and nature to assess any data breaches. Curo Fund Services claims to have already taken drastic steps to implement additional security, which can keep them safe from further unauthorized access. 

Unlike other companies, this investment group did not engage with the attackers and instead focused its energy on restoring its operations with the help of third-party specialists. 

24. LockBit tried to get $80 million from the U.K.'s Royal Mail. 

(Malware Bytes Labs)

Lockbit, one of the five most dangerous cyber threats facing businesses in 2023, posted 126 victims on its site early in 2023. They targeted the U.K.'s Royal Mail, a significant operation that ships to 231 countries worldwide.

The cyber attackers demanded $80 million from them in January. LockBit negotiated down to $40 million, but it still needs to be determined if the Royal Mail paid this amount. 

Ransomware Education Statistics

The education sector is highly vulnerable to hackers as it holds skills information, budgetary and financial data issues, and their overall lack of preparation.

Usually, data exfiltration is the primary goal of ransomware criminals - because the integrity of the data is essential to the schools and the students, faculty, and staff within them. 

Holding this information at ransom makes it more probable for the organization to settle the demands. 

Let’s check out how ransomware is picking on the education sectors.

25. Ransomware attacks on education increased from 44% in 2020 to 56% in lower education and 64% in higher education in 2021.

(Sophos News) 

Unfortunately, no one is safe from ransomware attacks. Even schools have been hot targets for hackers, with students and employees bearing the brunt of having their private information leaked online. 


A recent addition to the numbers is Minneapolis Public Schools. After refusing to pay, 300,000 files full of confidential information were dumped on the internet. Sexual assaults, psychiatric records, parental abuse, and others, all on top of leaked social security numbers of employees, were exposed.

Since the education sector limits its budget against cybersecurity, they're an obvious target for hackers. The rate of ransomware attacks in education is rising daily, reflecting the success of the RaaS operation to get into schools' data systems effectively.

Even if an educational institution is insured, it might still have difficulty recovering the ransom. This is due to the high rate of ransomware events in this sector, which forces them to improve their cyber defenses and security to improve their cyber insurance standing.

26. 67 individual ransomware attacks affected 954 schools and colleges, potentially impacting 950,129 students. 


Educational institutions have an estimated amount of $3.56 billion in downtime alone. Most have also incurred massive recovery expenses when restoring their programs and computers. Also, their cybersecurity improvement processes add to the list of costs during a ransomware attack. 

The attack against Lincoln College was devastating. Unfortunately, this 157-year-old school had to shut down permanently. The cyber attack impacted their systems, causing a shortfall in enrollments, which meant the school could no longer operate. 


27. Vice Society took the lead with 9 publicly disclosed attacks. 

(Security Boulevard)

14 schools in the U.K. have been reported to be attacked by ransomware, which was attributed to the RaaS group named Vice Society. 

They were said to leak data such as passport scans of students and parents, contractual offers for staff, headmaster's salary, Special Educational Needs (SEN) information, and student bursary fund recipients. 

28. The K–12 Cybersecurity Center reported 408 incidents across 377 school districts in 40 states in 2020-2022. 


Since online classes have started, most educational institutions must adapt to the new practices and shift to this learning environment. Most schools needed help with these processes and required more preparation. This meant their systems had many weak points and vulnerabilities, which the hackers used to their advantage. 

29. Vice Society breached the Los Angeles Unified School District's networks and grabbed 500 TB of data.

(Cybersecurity Dive)

Among the 17,000 school districts across the U.S., the Los Angeles school system is the second biggest in the country, after New York City. Officials in L.A. claimed there was no response to the ransom demand. The RaaS group stole sensitive data, such as contractors' personal information and Social Security Numbers (SSNs). 


30. Higher education institutions are more likely to pay a ransom, yet only 2% reported that they retrieved it.


Lower education respondents in the Sophos worldwide survey recovered 62% of their data after paying the ransom, while higher education at 61%. This is a step down from the 68% recovery rate in 2020. 

It also took 26% of lower education respondents and 40% of higher education ones more than 30 days to recover from the attack. Experts say that most higher education institutions recovered most, if not all, of their data within 3-4 weeks. However, it would still take months to fully repair and improve their cyber security defenses. 


Ransomware is rapidly becoming one of the most dangerous and threatening malware to hit the digital age. Organizations are put at a standstill when this occurs, forcing them to decide how valuable their data is. 

Some companies and organizations fall due to compromises within their internal security and servers. This should be a warning sign to all using online servers to caution against ransomware. Companies should add more security measures to improve their cybersecurity practices and defenses

Employees need practical training and routine checks to ensure they're not accidentally leaking anything. I.T. systems and databases should have regular backups so that they're not entirely blind when an attack like this occurs.

Frequently Asked Questions.

How does a computer become infiltrated with ransomware?

Malware is often spread through phishing emails. Attackers also use drive-by downloading, which occurs when a user is unaware that they've visited an infected website or link that automatically downloads the malware without them knowing. 

Why is ransomware so effective?

Apart from capitalizing on the importance of the data they steal, attackers also focus on the users' fear. They will use their virus to incite fear and action to victims.

How can I avoid a ransomware attack?

You can prevent ransomware by regularly updating your software systems, filtering phishing emails and suspicious links, and storing backup data on separate devices.

How can I limit receiving phishing emails?

You may use a strong spam filter in your and your organization's email stream. You may also assign someone to scan incoming and outgoing email messages to detect threats and prevent infiltration.  

Should I pay when I get attacked by ransomware?

The short answer is no. There have been reports of organizations not paying the ransom demands and still finding a way to recover their data.

Instead, you should invest your money in legitimate cybersecurity firms to help you protect your data systems from hackers.


Facebook LinkedIn Twitter
Leave your comment

Your email address will not be published.