Ransomware - statistics & facts
Ransomware encounters worldwide
Throughout 2024, the United States was the country targeted the most by ransomware attacks. In the measured year, over 1.3 million ransomware attacks targeting the U.S. market were detected. Meanwhile, Thailand ranked second, with 1.1 million detections. The monthly number of ransomware detections peaked in November 2024, totaling 632 attempts.Leading ransomware groups
In the United States, certain ransomware variants are gaining prominence. Some of them have been around for a long time, and some appeared only recently. In the third quarter of 2024, Akira and RansomHub were the leading ransomware variants, with a combined 25 percent market share. In 2024, Clop ransomware was the most commonly mentioned type of ransomware on the dark web.Targeted industries
Ransomware attacks usually target organizations that are mission-critical, such as healthcare, finance, manufacturing, and government organizations. Often, victims give up and pay the ransom, fearing causalities. This, in itself, is a serious issue, confirming to threat actors the profitability of cybercrime. Industrial ransomware is one of the most common concerns for critical infrastructure. As manufacturing includes various kinds of production, such as metal products, automotive, and industrial equipment, it is a highly targeted sector by ransomware attacks. Financial institutions are also targeted quite often. In this case, the attackers still intend to steal money and a huge amount of sensitive user data. In 2024, of 3,336 cyber incidents were detected in financial institutions worldwide, 927 caused leakage of sensitive data.The average amount of ransom payments increased
In the third quarter of 2024, 32 percent of ransomware attacks worldwide resulted in a ransom payment, down from 41 percent in the previous quarter. Between 2023 and 2024, the amount of money received by ransomware actors worldwide saw a slight decrease, going from 1.2 billion U.S. dollars to nearly 814 million U.S. dollars. Additionally, the average amount of ransom payments in the United States reached nearly 490,000 U.S. dollars.The beginning of the 鈥渞ansomware epidemic鈥
In May 2017, computers using the Microsoft Windows operating system were targeted by the WannaCry ransomware attack. Attackers used the EternalBlue exploit, developed by the United States National Security Agency (NSA). The attack spread fast, infecting around 300,000 computers. The investigation found that a significant part of the attack was spread because of the uninstalled patches released by Microsoft. The attack was stopped a few hours after the launch and became what security experts call 鈥渢he beginning of a ransomware epidemic.鈥Ransomware can be very costly and cause significant damage to the organizations. Given time, it only becomes more serious and sophisticated. In this case, automated systems are needed to provide direct and constant protection, especially to the most critical industries. Specialists working in IT security know this very well but are often not provided with the necessary resources.








































