Ransomware Statistics USA 2024

Ransomware continues to threaten U.S. organizations, with payments hitting a record $1.1 billion in 2023. As the number of incidents grows, so too does the number of organizations forced to reassess and strengthen their cybersecurity measures to avoid costly disruptions.

To determine the current state of ransomware, we surveyed the responses of 2,630,332 people in the U.S. over the course of a year, ending 28 October 2024. The results of this survey reveal key trends based on online engagement levels and reflect what people describe about their experiences.

    What Ransomware Attacks Has Your Company Suffered?

    Locky responsible for over 22% of attacks

    With ransomware attacks showing no signs of slowing down, U.S. businesses face a mix of old and new threats. We’ve surveyed which ransomware types companies report battling most often.

    A graph representing different types of ransomware attacks which companies have suffered in 2024

    Despite being some of the oldest players in the ransomware arena, Locky and WannaCry still dominate. Locky, notorious since 2016 for its adaptability, takes the top spot at 22.6%, while WannaCry, known for its global 2017 rampage, closely follows at 21.8%. These high figures suggest that many companies may still be vulnerable to these established strains. 

    REvil comes in third at 16.5%, boosted by its use of ransomware-as-a-service (RaaS), which makes it easier for a broader range of attackers to target businesses. Maze (9.2%), in 4th place, and Sodinokibi, in 8th, both employ double extortion tactics, adding pressure on companies by threatening data leaks if no ransom is paid.

    The remaining ransomware attacks all use malicious software that encrypts a victim’s data, with Netwalker having the highest engagement levels of 8.5%, followed by Dharma (7.3%), NotPetya (5.8%), Ryuk (1.7%), and Cerber at just 1%.

    What Was The Impact Of The Ransomware Attack On Your Organization?

    Security measures hardest hit by over 15%

    Ransomware hits companies where it hurts, and the ripple effects extend far beyond just the IT department. We unpack the graph below, revealing how businesses feel the impact the most.

    A graph representing the impact of ransomware attack on your organization

    Ransomware attacks demand immediate action: our survey recorded 15.3% engagement for organizations reporting that they required security upgrades to close exploited vulnerabilities, a common entry point in 32% of ransomware cases globally.

    Customer trust was also heavily impacted, with 13.4% of organizations noting declining client confidence following data breaches. Financial losses were close behind at 13%, while operational disruptions affected 11.3%. Numerous insurance claims garnered 10.2% engagement, while significant data loss wasn’t far behind at 9.8%. 

    Tying at 7.5% was significant reputation damage and prevention strategies, both of which can come with a high price tag. Legal consequences and employee productivity also tied with 6%. These findings show that ransomware isn’t just a technical issue; it’s a full-scale assault on business operations and trust.

    Which Devices Were Breached By Ransomware Attack?

    Servers and databases bear the brunt of more than 50% of attacks

    Ransomware doesn’t discriminate over device targets, but some systems are harder hit than others. Our survey reveals where businesses report the most breaches.

    A graph representing which devices were breached by ransomware attack

    According to our data, those surveyed said that servers and databases are prime targets, with 25.4% and 25.1% of ransomware attacks hitting these critical systems. Network devices follow at 19.%, highlighting how attackers look to infiltrate the broader infrastructure, often as a stepping stone to other systems. 

    Backup systems, intended as a last line of defense, are compromised in 7.5% of cases, which is, fortunately, lower than another survey that found 96% of ransomware attacks targeted backup repositories. However, this is still a troubling stat, given their role in recovery.

    Cloud services, desktops, and laptops also see breaches, though at lower rates, while mobile devices and IoT devices make up the tail end of the list at 3.2% and 3.0%. With printers at 1.5%, it’s clear that no device is entirely safe.

    Which Teams Were Targeted By Your Ransomware Attack?

    IT teams the prime targets by 23%

    When ransomware infiltrates an organization, certain teams are hit harder than others. The graph below reveals where the attacks are landing.

    A graph representing which teams were targeted by ransomware attack

    As expected, IT teams top the list with 23% of attacks. Customer service follows at 18.7%, likely due to frequent external interactions via email that can create vulnerabilities, while executive (9.3%), HR (6.8%), and sales teams (6.4%) are also targeted for their access to sensitive data. R&D teams recorded 6.2% engagement, while legal was not far behind with 5.7% and finance at 4.7%. Marketing came in last, with just 2.9% engagement levels.

    How Much Did The Ransomware Attacks Cost Your Organization?

    70.7% of attacks cost organizations more than $10,000

    The financial fallout from ransomware is severe, with most companies paying a hefty price. Our surveyed data reveals the typical costs of an attack.

    A graph representing how much did the ransomware attacks cost your organization

    According to the 2023 Verizon Data Breach Investigations Report, the average cost of a ransomware attack has more than doubled to $26,000 over the past two years. This correlates with the majority engagement levels (70.7%) we surveyed. However, the second-highest engagement level (19.8%) recorded costs beyond $500,000, which is far beyond the average.

    Mid-range costs between $100,000 and $500,000 affected 4.6% of organizations, and 2.9% faced costs between $10,000 and $50,000. Just 1.6% of those engaged reported costs of under $10,000, while only 0.3% faced losses of $100,000.

    What Measures Have You Implemented To Prevent Ransomware Attacks?

    21.7% of respondents fight ransomware attacks with regular backups

    To stay ahead of ransomware threats, organizations are focusing on a mix of preventative strategies. These are the most and least common defense strategies implemented by our 2.6+ million respondents.

    A graph representing measures implemented to prevent ransomware attacks

    The data shows that 21.7% of organizations focus on regular backups, ensuring they can bounce back quickly after an attack. Incident response plans are close behind at 18.5%, while 16.7% prioritize updating software to close security gaps. Still, some crucial defenses are falling through the cracks. A 2023 Microsoft Digital Defense Report revealed that 21% of companies hit by ransomware didn’t have multi-factor authentication (MFA) on privileged accounts, which is an essential step to block unauthorized access. 

    Firewall protection got lower levels of engagement at 9.9%, antivirus protection at 9.%, and employee training at 7.2%. Interestingly, common IT risk mitigation strategies all scored minimal engagement, with network segmentation (6.9%), vulnerability assessments (5.1%), and access controls (4.4%) separated by a few points. 

    Lastly, with only 0.6% engagement recorded for using email filtering, many may be leaving a key line of defense against phishing wide open.

    What Industry Is Your Organization In?

    Healthcare gets highest engagement rates (27.7%) for ransomware attacks

    Some industries attract more attention from cybercriminals. In the graph below, we see how the numbers stack up across different industries.

    A graph representing most affected industry with ransomware attack

    Healthcare leads with 27.7% of ransomware incidents, reflecting its vulnerability given the high value of patient data and the need for uninterrupted care. With IBM reporting that the average healthcare data breach costs $10.93 million, attackers are seeing major payoffs in this sector. Technology companies follow at 22.1%, while retail ranks next at 15.2%. Government services also draw attention at 10.9%, as disrupting these systems can have widespread effects. 

    Engagement levels then dip down to 6.1% in manufacturing, 404% in finance, and transportation at 4%. Hospitality and the education sector only attained minimal engagement, tying at 3.6% each, while energy came in last, with just 2.3% engagement.

    While ransomware can strike anywhere, it’s clear that sectors handling critical or valuable data are top targets.

    What Is The Size Of Your Organization?

    Small businesses face the highest risk at 32.9%

    Ransomware doesn’t discriminate, but as our data shows, certain types of organizations experience attacks more frequently.

     

    A graph representing most affected organization size with ransomware attack

    With tight budgets and a lack of security awareness, it’s not surprising small businesses lead the pack, with 32.9% reporting ransomware attacks. Non-profits aren’t far behind at 27.6%, and these high engagement levels are likely for the same reasons that small businesses are vulnerable. Large corporations also face their share, with 23.1% impacted, as attackers aim for bigger payouts. Medium-sized enterprises (8.2%) and government agencies (8.1%) see fewer incidents, but the risks are still very real.

    Mobile Ransomware on the Rise

    Access to corporate Wi-Fi networks, work email accounts, and work-related software makes mobile devices a soft target, which is reflected in the current statistics. More than 4.2 million American mobile users have already suffered ransomware attacks on their phones, and this figure is expected to continue to climb as mobile adoption in the workplace grows.

    Ransomware Cryptocurrency Payments Set New Records

    Cryptocurrency remains the dominant form of payment for ransomware attacks as it’s largely anonymous and hard to track. In 2023, crypto payments to ransomware attackers reached $449.1 million, up $175.8 million from the same period the year before. Ransomware inflows also rose by approximately 2%, from $449.1 million to $459.8 million, and it’s predicted that 2024 will be the highest-grossing year for ransomware payments to date. 

    In 2021, hackers who attacked an oil company earned over $90 million in Bitcoin. But this record pales compared to the Dark Angels, who were paid an approximate $75 million ransom by an undisclosed victim earlier in 2024.

    With cryptocurrency being the preferred payment method for ransomware attacks and the stakes being so high, it’s no surprise the U.S. government is now looking for ways to end the scourge.

    Data Demographics

    Our data also examined the demographics of our sample group, with age, gender, region, and income all revealing interesting insights about the 2,630,332 people in the US surveyed.

    Age

    Respondents over 65 most engaged at 26.3%

    Our survey showed that those over 65 were the most engaged, while those between 25 and 34 were the least. Here’s what the data reveals:

    Over-65s were 3.6% more engaged on the topic of ransomware than those between 55 and 64 years old. The 65+ age group came out on top with 26.3% engagement, versus 22.4% for 55-64-year-olds. These stats are interesting as the average retirement age in the U.S. is 62, theoretically putting the majority of those affected by ransomware outside of the working sector.

    The rest of the age groups stacked up as follows, from highest engagement levels to lowest:

    45-52: 21.7%

    Under 25: 13.8%

    35-44: 11.4%

    25-34: 4.5%

    Gender

    Male respondents affected just 1.6% more than women

    Our survey showed that men are only marginally more affected by ransomware attacks than women. Let’s take a closer look at what the graph shows below:

    Statista reports that in 2023, 75.5 million men worked full-time in the U.S. compared to 58.56 million women. However, our survey data showed that when it came to ransomware attacks, women and men are affected almost equally. Male engagement racked up 50.8%, while female came in just below at 49.2%.

    Region

    Pacific region hardest hit by ransomware attacks at 35%

    With over a third of respondents in the Pacific region, we examine where in the U.S. our 2.6+ million respondents reside:

    A graph representing regions affected by ransomware attacks

    The states of California, Oregon, Washington, Alaska, and Hawaii attracted the highest engagement levels at 35%, while East North Central US came in nearly 14% behind, at 21.1%. In third place and separated by a nearly 10% difference was the South Atlantic (12.7%), which is interesting as this region is currently America’s top state for business, followed by the Mid-Atlantic (11.2%) and Mountain (7.1%). Thereafter, engagement levels plummeted to 3.8% in both West South Central US and New England, to 3.3% in West North Central and 2% in East South Central.

    Income

    51.7% of respondents earn between $200,000 to $500,000 annually

    Based on our research, over half of respondents earn within the same income bracket. We’ve broken down the income groups of those affected by ransomware in the US.

    A graph representing income groups of those affected by ransomware in the US.

    In Q4 of 2024, the median earnings of full-time workers were $1,165 a week ($60,580 annually). This means that the 51.7% of engaged respondents who earn between $200,000 and $500,000 are paid well above the average. In contrast, those surveyed who fell into the average income bracket, earning $40,000 to $80,000, racked up the least engagement at 2.2%.

    The groups earning between $500,000 and $1 million and $120,000 to $200,000 tied, both racking up engagement levels of 19.5%, while those in the $80,000 to $120,000 bracket came in with 4.7% engagement. From this, we can deduce that those who fall into the middle-income categories of our survey are the hardest hit, while those in the highest and lowest-earning categories are the least affected by ransomware attacks.

    Looking at our data and the numerous statistics that corroborate what we learned, ransomware is affecting businesses of all sizes in numerous ways across various sectors. It also comes with a potentially huge price tag, making protecting against attacks crucial. All businesses, big and small, are affected, and while putting a stop to these types of attacks is virtually impossible, mitigating them is not.

    About the data

    The data used in our survey was sourced from an independent sample of 2,630,332 people in the US on X, Quora, Reddit, TikTok, and Threads. The responses are collected within a 95% confidence interval and 5% margin of error. Engagement estimates how many people in the location are participating. Demographics are determined using many features, including name, location, and self-disclosed description. Privacy is preserved using k-anonymity and differential privacy, and the results are based on what people describe online—questions were not posed to the people in the sample.
