Ransomware Attacks – The Biggest Threat of 2024

By Bogdan Pătru, Tech Writer. 31 July 2024

Fact-checked by Miklos Zoltan

Ransomware attacks are some of the most devastating and impactful malware events due to their extensive damage and widespread effects. The effects of a ransomware attack can range from the expected financial losses to the more severe legal problems, depending on the situation.

While these types of breaches have been around for a long time (the first recorded ransomware attack was back in 1989), their impact has grown visibly over the last several years. The number of ransomware attacks almost doubled between 2017 and 2020 and then doubled again the following year.

Starting with 2021, the attacks have been on a downward trend, but that doesn’t mean that the situation is any better.

Highlights

  • Organizations have paid an accumulated $939.9 million in ransom during 2021
  • The average cost of a ransomware attack in 2023 was $1.85 million
  • 2023 recorded up to 1.7 million ransomware attacks every day globally, with an average of 19 attacks per second
  • Up to 90% of ransomware attacks are unsuccessful in the sense that the victim’s system is not breached
  • 63% of ransomware victims are small businesses
  • The manufacturing industry has been the most targeted in 2022, with manufacturing organizations reporting a total of 437 successful breaches
  • BlackCat and Black Basta ranked as the most impactful ransomware actors in 2023, covering 15.5% of the market share
  • Up to 34% of ransomware attacks resulted in a ransom payment in the second quarter of 2023
  • The average amount of ransom paid in the second quarter of 2023 doubled compared to the first quarter, jumping from $328,000 to $740,000
  • The 3rd quarter of the same year recorded an average ransom value of $850,000, while the 4th quarter amounted to $568,000
  • Up to 20% of successful ransomware attacks translate to reputational damages only
  • 47% of the organizations targeted by ransomware attacks are based in the US
  • Up to 93% of ransomware files are based on Windows executables, the next in line being Android with 2.09%

These statistics are constantly changing with time and not necessarily for the better. While the frequency of ransomware breaches slowed down visibly in the 4th quarter of 2023, the situation doesn’t look any better for 2024. That’s because attack frequency is just part of the problem.

An even scarier one is the emergence of specialized ransomware actors making use of advanced tools and tactics. These can both increase the amount of data being stolen and cause more financial and reputational damages along the way.

The Impact of Ransomware Attacks Over the Years

Ransomware breaches have impacted local and global organizations for years and the trend is still going strong. Cyber-defenses have become more sophisticated as a result, as organizations worldwide have also started training their staff to identify and circumvent threats.

There is currently an ongoing war between ever-evolving ransomware entities and cybersecurity experts looking to nullify their efforts. Here is an overview of the last 4 years of ransomware breaches against private and public entities:

The Impact of Ransomware Attacks (2020-2023)

2020:

  • There have been 304.64 million ransomware attacks
  • The financial losses in 2020 were 225% higher than the previous year
  • 66% of organizations have reported a significant loss of revenue following a ransomware attack
  • 53% of organizations have experienced brand and reputational damages following a ransomware attack
  • 29% of organizations were forced to fire employees following a ransomware attack
  • 26% of organizations were forced to close

2021:

  • 15.45% of internet users worldwide have experienced at least one ransomware attack
  • Between January and July, ransomware attacks produced losses of up to $16.8 million
  • There have been close to 500 million ransomware attacks in the first half of the year
  • Apple was hit in April by REvil and Sodinokibi, with the attackers asking for a staggering $50 million ransom
  • The same duo targeted the meat supplier JBS USA a month later, which was forced to pay $11 million in ransom
  • There have been 623 million attacks in total in 2021

2022:

  • 236 million ransomware attacks occurred globally within the first half of the year
  • Only 13% of the organizations targeted by a ransomware attack didn’t pay the ransom
  • 493 million ransomware attacks occurred globally over the entire year
  • The ransomware industry was worth $14 billion in 2022
  • 71% of businesses worldwide have been targeted with a ransomware attack at least once
  • India was the most impacted, with 68% of businesses being hit at least once

2023:

  • 72.7% of businesses worldwide have been targeted by at least one ransomware attack
  • Around 33% of the victims who paid the ransom didn’t recover their stolen data anyway
  • Spam/phishing emails make up 54% of the leading causes of ransomware attacks
  • CryptoLocker was the most used type of ransomware strain, with a 52% share of the market
  • The healthcare industry was the most targeted sector in 2023
  • Up to 63% of organizations reported that the attackers had been in their system for up to 6 months before being detected

The statistics are clear: ransomware attacks are extremely profitable for the attackers and equally devastating for the victims. More than a quarter of businesses targeted by a ransomware attack were forced to close. Another 30% of the organizations were forced to lay off personnel to avoid closure.

On a positive note, around 68% of the victims reported that they managed to recover their data within a year, even without paying the ransom. Unfortunately, 33% of the victims didn’t, even after paying the ransom. This goes to show that ransomware attacks are bound to inflict lasting damages, whether the ransom is paid or not.

Ransomware Attacks Chart by Country 2022-2023

Ransomware operations have affected all countries to some degree, but some have been more impacted than others. The following is a 2022-2023 chart, recording the share of the most impacted nations worldwide within a 1-year span.

Ransomware Attack Trend (2022-2023)
Country 2022 2023
Singapore 65% 84%
Austria 50% 84%
Australia 70% 80%
South Africa 51% 78%
Switzerland 60% 75%
Spain 71% 75%
India 78% 73%
US 48% 68%
Brazil 55% 68%
Italy 61% 65%
France 73% 64%
Germany 67% 58%
Japan 61% 58%
UK 57% 44%
Global Average 66% 66%

As the table shows, only a handful of countries have managed to buck the trend. These are France, Germany, Japan, the UK, and India by a small margin. The rest of the countries have experienced considerable increases in the number of attacks, sometimes by more than 50%, as is the case with Austria and South Africa.

The Most Impactful and Active Ransomware Gangs in 2024

A 2024 Zscaler ThreatLabz report identified a total of 391 ransomware organizations over the years, many of them still active today. 19 new ones emerged between April 2023 and April 2024. Here is a table showcasing the most influential and impactful ransomware actors in the world today:

Most Active Ransomware Gangs for Q2 – 2024
Family Number of Victims
LockBit 211
Play 96
RansomHub 75
Incransom 66
Medusa 65
Akira 57
8Base 54
BlackBasta 53
BlackSuite 50
HuntersInternational 48

According to the statistics, LockBit is responsible for 16.5% of all ransomware attacks in 2024 so far. The gang is followed by Play, sitting at almost half that with 7.5%. Between the two, the most impacted countries are the US, Canada, Mexico, Spain, and the UK, with business service, retail, and manufacturing being the target industries of choice.

The 10 Most Impacted Countries and Industries in 2024

While ransomware attacks occur virtually everywhere around the globe, some countries are more impacted than others. This is likely due to them serving as hubs for flourishing industries, providing hackers with higher projected gains.

Unsurprisingly, the US takes the first spot as the recipient of the most attacks, followed by the UK and Canada.

The following table records the 10 most impacted countries in 2024:

Country Number of Successful Attacks
US 611
UK 85
Canada 66
Germany 49
Italy 42
Brazil 38
Spain 38
France 36
India 24
Austria 19

When it comes to the most impacted sectors, the business services one is the #1 target, recording 28.5% of the total ransomware cases. Retail and manufacturing come next, along with several others.

Here are the 10 most targeted industries in Q2 2024:

Sector Number of Successful Attacks
Business Service 305
Retail 185
Manufacturing 124
Construction 58
Government 58
Finance 58
Healthcare 55
Transportation 51
Technology 47
Education 36

While ransomware hackers can target any industry and any organization at any point, it’s clear that they prioritize those with the highest return rate. This is especially true for high-profile gangs like LockBit, Medusa, and Dark Angels, whose victimology consists almost exclusively of medium and high-end businesses.

The Most Recent High-Profile Ransomware Hits – The Big Game Hunting Trend

With millions of ransomware attacks per year, it comes as no surprise that even industry giants sometimes fall victim to planned hits, especially in a climate that breeds whale-hunters. The notion of Big Game Hunting isn’t new in the ransomware sphere, but it reappeared in the public perception along with the most recent high-profile ransomware event.

Earlier this year, an undisclosed top 50 corporation was allegedly forced to pay $75 million in ransom to Dark Angels. The latter is a well-known whale-hunter that has made it its identity to only target the top 1% of corporations, the ones with the promise of the highest gains. The $75 million that Dark Angels received almost doubled the previous record of $40 million, paid by the insurance giant CNA Financial back in 2021.

These are not the only high-profile hits. The following is a list of the most prominent ransomware operations, regardless of whether any ransom was paid:

  • The meat processing provider, JBS USA, had to pay $11 million in June 2021 to REvil after a debilitating attack
  • In May 2021, the Colonial Pipeline’s IT systems were penetrated by DarkSide, which stole over 100 GB of data, forcing a ransom payment of $4.4 million (75 bitcoins)
  • In 2022, the ransomware gang BlackCat stole 1.6 TB of data from Swissport, a 3-billion-euro corporation with 310 airports in 50 countries – losses unknown
  • In January 2023, a ransomware attack took ION Cleared Derivatives’ systems offline
  • The same year, the Clop ransomware stole the confidential data of over 18 million individuals and hundreds of corporations by hacking MOVEit Transfer

These are just a handful of the numerous ransomware breaches that take place every day at a global scale. While the overall number of ransomware attacks has decreased visibly in 2024, their severity has increased. Part of that is due to the Big Game Hunting philosophy that is seemingly being embraced by an increasing number of ransomware organizations.

The Ransomware Trend in 2024

According to Chainalysis, 2023 recorded $1 billion in ransom payment losses. The problem? The figure seems to be on an upward trend for 2024. Veteran ransomware gangs like LockBit, Medusa, Play, BlackBasta, and RansomHub are constantly recruiting more professionals and affiliates to enhance their capabilities.

ReliaQuest identified 1,237 organizations on leak websites in Q2 of 2024, a 20% increase from Q1. Looking at the raw numbers, June recorded 45 attacks, which is low compared to other months, but the raw number is deceiving. As BlackFog reported, the number of unreported attacks for the month was 775% higher than that of the reported ones.

On the bright side, efforts are being made to reverse the trend. Most organizations have adopted a variety of defensive tactics, including staff education and enhanced cybersecurity measures. In a climate where attackers and victims compete with each other over the same assets, the future remains uncertain for now.
