Hoping for a better 2022? Back up your data.
After a chaotic and surreal couple of years, 2022 is already stretching our collective limit. The system is once again buckling under the weight of the pandemic, businesses are pivoting (or shuttering) in response to new challenges, political turmoil continues around the world — and ransomware is now a national security threat.
Organized cyber gangs continue to ruthlessly attack enterprise organizations, from government and financial institutions to critical infrastructures such as transportation and hospitals. Ransomware-focused threat actors like FIN12 are using the healthcare industry for target practice — taking advantage of known vulnerabilities — and becoming more efficient and nimble with their methods by the day. And ransom demands are soaring to record levels.
2021 was the "Year of Ransomware," and the projections for 2022 are even more harrowing. Cybersecurity pundits will have to get creative when they name 2022: We expect the declaration of the "Year of Ransomware" to become as redundant as the "Year of Cybersecurity."
Ransomware Attack Statistics for 2022
1. Ransomware is the fastest-growing cybercrime.
A report by Cybersecurity Ventures estimates that an organization will be attacked by ransomware every 11 seconds.
2. Ransomware and extortion attacks bring in a level of profit that matches the budgets of nation-state attack organizations.
And that’s only the publicly reported earnings. Consider that an estimated 75% of ransomware attacks go unreported and you’ll begin to grasp how lucrative “ransomware as a service” (RaaS) has become.
3. Ransomware costs are projected to rise 1225% in less than ten years.
Annual damages from ransomware are projected to rise 1225% by 2031, up to $265 billion per year.
4. REvil broke the record for ransomware demands with a $70 million price tag.
The previous record occurred just four months prior at $50 million.
5. The average ransom paid by mid-sized organizations was $107,404.
And that number will only increase, especially with the growing prevalence of double extortion.
6. The average ransom paid by healthcare organizations in 2021 was $131,000.
Considering what's at stake for a healthcare facility — lifesaving machinery, confidential patient information, and lives (people died from malware in 2021) — it's no surprise that the ransom payouts are higher in healthcare than other industries. Regardless of payout, victims' data was leaked in at least 72% of the incidents (an additional 15% didn't know if data was compromised).
7. The average cost of recovery from ransomware across all industries is $1.85 million.
The average cost of a ransomware attack is $1.85 million when you consider factors like downtime, lost business, and damaged reputation in addition to the ransom paid.
8. Larger organizations reported more ransomware attacks.
Almost half (42%) of companies with 1,001-5,000 employees were hit by ransomware in 2021 — compared to 33% of smaller companies.
9. Almost a third of organizations attacked by ransomware paid the ransom.
It might seem easier to quietly pay off cybercriminals rather than deal with an embarrassing public fallout and sky-high fines — but it’s a spectacularly bad idea. Instead, follow protocol and alert the authorities immediately.
10. A staggering 43% of organizations in the energy, oil, gas, and utilities sectors reported making ransom payments.
42% of local governmental organizations, 35% of organizations in the education sector, and 34% of healthcare organizations also reported meeting the ransom demands.
11. On average, just 65% of a victim's data is restored after payment.
It’s just one of many reasons why the FBI advises against paying ransoms. Read More: Should Hospitals Pay Off Cyber Terrorists? What to do after a ransomware attack.
Don't become another ransomware statistic in 2022.
Change and adapt to the new cybersecurity landscape because things will only get more challenging as cybercriminals hone their skills and tactics. Regularly back up your data — it's expected in today's cyber minefield. Educate yourself and your employees about the latest threats, and review your defenses against escalating attacks. Don't settle for anything less than the utmost vigilance and cutting-edge cybersecurity protocols.