Ransomware Facts and Figures


Cybercriminals have started focusing their efforts on businesses during Q1 2019, with consumer threat detections decreasing by roughly 24% year over year while businesses have seen a 235% increase in the number of cyber attacks against their computing systems.

Out of all malware families impacting commercial entities, ransomware has seen huge comeback with increases of 189% since Q4 2018 and a massive 508% uptick since Q1 2018, while on the consumer side ransomware was “knocked out of the top 10 from its previous steady ranking for several years running.”

As detailed by Malwarebytes, this huge increase in corporate ransomware detections happened “thanks in large part to a massive attack by the Troldesh ransomware against US organizations in early Q1.”

This trend is also backed by FBI’s Internet Crime Complaint Center (IC3) annual Internet Crime Reports (2013, 2014, 2015, 2016, 2017, 2018) which show that while ransomware has definitely seen a decrease in the number of incidents since 2016, the total losses have increased despite a decreasing number of complaints.
A detailed overview of the number of yearly ransomware complaint and total losses as reported by the IC3 is available in the table below.

Year ==> Total Losses
2013 ==> $539,562.00
2014 ==> $490,577.00
2015 ==> $1,620,814.00
2016 ==> $2,431,261.00
2017 ==> $2,344,365.00
2018 ==> $3,621,857.00
This happened because cybercriminals have switched their targets from home users to commercial organizations which can afford to pay larger ransoms.

The 2018 edition of IC3’s Internet Crime Report also underlined that not all ransomware victims report the incident, thus leading to an “artificially low ransomware loss rate.”

Regarding ransomware adjusted losses, this number does not include estimates of lost business, time, wages, files, equipment, or any third party remediation services acquired by a victim.

In some cases victims do not report any loss amount to the FBI, thereby creating an artificially low ransomware loss rate.

Lastly, the number only represents what victims report to the FBI via the IC3 and does not account for victim direct reporting to FBI field offices/agents.

The Malwarebytes report conclusions are the result of combining statistics and intel collected between January 1 and March 31, 2019.

They rely on data from the company’s “Intelligence, Research, and Data Science teams” with telemetry added to the mix from both the “consumer and business products on the PC, Mac, and mobile devices.”

More details on the evolution of other threats targeting consumers and businesses are available in Malwarebytes’ full Cybercrime Tactics and Techniques (CTNT) Report.