2017 ransomware statistics do not make for pleasant reading. Ransomware attacks continued to increase, the cost of mitigating attacks rose, and the number of ransomware variants in use has soared. Further, there are no signs that the attacks will stop and mounting evidence that the ransomware epidemic will get worse in 2018.

Key 2017 Ransomware Statistics

We have compiled some of the important 2017 ransomware statistics from research conducted by a range of firms over the past few months.

Kaspersky Lab’s research suggests ransomware attacks on businesses were happening every 2 minutes in Q1, 2017, but by Q3 attacks were far more frequent, occurring approximately every 40 seconds. Cybersecurity Ventures predicts the frequency of attacks will increase and by 2019 there will be an attack occurring every 14 seconds.

Cybersecurity Ventures also predicts ransomware will continue to be a major problem for businesses throughout 2018 and 2019, with the total cost of ransomware attacks expected to reach $11.5 billion by 2019.

The healthcare industry is likely to be heavily targeted due to the relative ease of conducting attacks and the likelihood of a ransom being paid. Cybersecurity Ventures predicts there will be a fourfold increase in ransomware attacks on healthcare organizations by 2019.

While research from IBM in 2016 suggested 70% of businesses pay ransom demands to recover data, in 2017 the percentage dropped considerably. Far fewer firms are now considering paying ransoms to recover data.

Symantec’s 2017 Internet Security Threat Report indicates ransom demands increased by 266% between 2015 and 2017.

There is considerable variation in published 2017 ransomware statistics. Malwarebytes reports there was a 90% increase in ransomware attacks in 2017. Beazley reports the increase was 18% and the healthcare sector accounted for 45% of those attacks. A recent McAfee Report puts the rise in ransomware attacks at 59% for the year, with a 35% quarter-over-quarter increase in attacks in Q4.

Microsoft’s Security Intelligence Report indicates Asia had the highest number of ransomware attacks in 2017, with Myanmar and Bangladesh the worst hit countries. Mobile devices that were the worst hit, with the most frequently encountered ransomware variant being LockScreen – an Android ransomware variant.

55% of Firms Experienced A Ransomware Attack in 2017

The research and marketing consultancy firm CyberEdge Group conducted a study that showed 55% of surveyed organizations had experienced at least one ransomware attack in 2017.  Out of the organizations that had data encrypted by ransomware, 61% did not pay the ransom.

87% of firms that experienced an attack were able to recover the encrypted data from backups. However, 13% of attacked firms lost data due to the inability to recover files from backups.

Organizations that are prepared to pay a ransom are not guaranteed viable keys to recover their encrypted files. The CyberEdge survey revealed approximately half of companies that decided to pay the ransom were unable to recover their data.

FedEx reported in 2017 that the NotPetya attack cost the firm an estimated $300 million, the same figure quoted by shipping firm Maersk and pharma company Merck. Publishing firm WPP said its NotPetya attack cost around $15 million.

Strategies are being developed by businesses to respond to ransomware attacks quickly. Some companies, especially in the UK, have bought Bitcoin to allow fast recovery. However, those that have may find their stash doesn’t go as far as it was first thought thanks to the decline in value of the cryptocurrency. Further, many cybercriminals have switched to other forms of cryptocurrency and are no longer accepting Bitcoin. A third of mid-sized companies in the UK have purchased Bitcoin for ransoms according to Exeltex Consulting Group.