ransomware stats article
Ransomware by the numbers

Posted with permission from Enterprise.nxt from Hewlett Packard Enterprise, written by Larry Seltzer

Many businesses and governments choose to pay tens or hundreds of thousands of dollars to ransomware attackers rather than suffer millions in recovery losses.


The percentage increase in detections of ransomware by Malwarebytes business customers from Q2 2018 to Q2 2019. At the same time, detections on consumer devices have actually decreased, probably indicating that ransomware perpetrators realized that the real money is in attacking businesses.


The number of patient records completely lost by Wood Ranch Medical, a small clinic in Simi Valley, California, as a result of a ransomware attack. The attack forced the medical practice to permanently shut down.


The average number of days a ransomware incident lasts, according to Forrester Research.


The number of victims of the 2017 WannaCry attack on the first day.

$30 million

Losses due to the SamSam ransomware, according to the U.S. Department of Justice in announcing the indictment of two Iranian men for using SamSam to extort “more than 200 victims [including] hospitals, municipalities, and public institutions.” Actual ransom revenues were “over $6 million,” it said. “Among the victims named were “the city of Atlanta, Georgia; the city of Newark, New Jersey; the port of San Diego, California; the Colorado Department of Transportation; Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Nebraska Orthopedic Hospital, now known as OrthoNebraska Hospital, in Omaha, Nebraska; and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.”


The number of unsecured MongoDB instances that had their data wiped in an attack demanding a $650 ransom for restoration. Poor configuration is a common characteristic of systems attacked by ransomware.


The average number of mobile ransomware threats blocked per month in 2018, according to the Symantec 2019 Internet Security Threat Report. The trend was up at the end of the year.


The percentage of mobile ransomware threats detected in the U.S., according to the Symantec 2019 Internet Security Threat Report. By contrast, the same report says the U.S. experiences 13 percent of overall ransomware attacks, behind China (16.9 percent) and India (14.3 percent).

$325 million

The dollar damage caused by Cryptowall, one of the most severe ransomware attacks beginning in 2014, says Cytelligence. The ransom paid was at least $18 million. Cryptowall didn’t just encrypt files and blackmail victims. It “deleted shadow copies of files to hamper restoration efforts, attempted to obtain passwords, and tried to access Bitcoin wallets.”

$10 billion

The total dollar damage caused by the infamous NotPetya attack, according to a White House assessment given to Wired. NotPetya asked for ransom, but it also destroyed files and provided no way to recover them. Many large corporations suffered damages in the hundreds of millions of dollars. Wired calls NotPetya an act of cyberwar by the Russian military, aimed at Ukraine, that spilled out and caused havoc in the rest of the world.


The year the AIDS Trojan was released. AIDS was an early, and perhaps the first, example of ransomware. It was distributed through a mass mailing (not emailing, actual post office mailing) of diskettes (if you don’t know what these are, ask your parents) with a label of “AIDS Information Introductory Diskette Version 2.0” and instructions to put them in drive A: and reboot the computer. This installed a Trojan horse program, which, after 90 more reboots of the computer, encrypted file names and performed other malicious acts to make the system unusable. The program then announced that you were running PC Cyborg software and that you needed to pay $189 to a post office box in Panama in order to get your files back.


The percentage of ransomware victims in 2019 who paid the ransom but still didn’t get their data back, according to the CyberEdge Group 2019 Cyberthreat Defense Report. Of the rest of the victims, 27.6 percent paid the ransom and recovered their data, 10.6 percent refused to pay and lost the data, and 44.4 percent refused to pay and recovered the data on their own.


The difference in dollars between what it cost the city of Baltimore to recover from its ransom attack and the ransom demanded. More specifically, the attackers demanded 13 bitcoin (at the time about $76,000) while it cost the city $18 million to recover without paying the ransom.

This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.
Copyright 2020 Hewlett Packard Enterprise Development LP.  Originally published on Hewlett Packard Enterprise’s thought leadership platform “Enterprise.nxt,” written by Larry Seltzer https://www.hpe.com/us/en/insights/articles/ransomware-by-the-numbers-2001.html. Reproduced with Permission.

Contact us to learn more about how you can secure your infrastructure and mitigate ransomware risk.