Ransomware Attacks and Payments Are Rising

Payments demanded in exchange for stolen information increased by up to 300%.

The hackers are more active than ever and their appetite for the ransom payment amounts is equally growing.

The past few years have been marked by evolving cyberattacks and aggressive ransomware campaigns. Accordingly, the sums that hackers were paid in exchange for stolen information increased by up to 300% within a year, says the 2020 Incident Response and Data Breach Report.

The research, conducted by cybersecurity company Crypsis, revealed that the average ransomware payment amount exceeded $18.000 in 2019. The median amount even peaked in the third quarter of 2019, when it hit nearly $22.894 and became the largest demanded payment amount in the two-year period.

As stated in the report, the increase was mainly related to the careful selection of victims that are capable of paying higher amounts and shifting towards usage of enterprise-targeted ransomware.


Ransomware is malicious software that is used by cybercriminals to lock and encrypt the victim’s computer. The hackers then demand payment for restoring access to sensitive data. According to the report:

The goal of ransomware is total business disruption, making victims choose between paying the ransom or rebuilding their affected systems, often from the ground up.

Majority of companies agree to pay

The number of organizations affected by ransomware reached 62.4% this year, says data of another cybersecurity firm CyberEdge. This is 6.3% more compared with the previous year and 7.3% more compared to 2018.

Yet, the number of companies that respond to cybercriminal’s demands and agree to pay the ransom is growing as well. Reportedly, over 57% of companies admitted they have paid a ransom in 2020. The number has been constantly increasing since 2018 when it sat at a level of 38.7%


In the meantime, the number of companies that refuse to obey the criminals’ demands respectively decreased from 61.3% in 2018 to 42.3% in 2020.

However, the chances to recover the stolen information are now higher, as nearly 67% of cyber thieves do recover the locked data for those who have paid. The percentage was quite lower (49.3%) a few years ago. Simultaneously, nearly 84.5% of victims recovered their encrypted data this year by not paying for criminals. This is slightly lower compared to 87% back in 2018.

Most victimized sectors

Although no company or industry is completely immune from the cyber attacks, the most affected sectors are “specific industries with unique ransomware risks and challenges”, the Crypsis report states.

The data reveals that the Healthcare sector was the prime target for the ransomware attackers, which suffered more ransomware attacks than any other sector – 22% in 2019. According to the report, it is an attractive sector for malicious actors due to the high volumes of sensitive information:

Compared to other industry sectors, Healthcare and Financial Services organizations store, transmit, and process high volumes of monetizable sensitive information that disproportionately attract threat actors.

The financial sector was the second most targeted sector, with the following 14% of incidents. Other frequent victims of ransomware attacks within the same period were Manufacturing (11%) and Information technology (9%) and Consulting (9%) sectors.

Although the numbers of ransomware attacks are lower in other industries like Engineering, Legal, Non-profit, Retail, Transportation, or Governmental institutions, the statistics depict that criminals are targeting a wide variety of businesses. The report adds that smaller organizations across all sectors are also targeted frequently.

Reportedly, the greediest and most commonly used ransomware types were Ryuk (26%), Dharma (11%), Sodinokibi (10%), and the newly raised Phobos (8%).

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia