Our Blog


The State Of Ransomware – 2020

Ransomware continues to evolve as the fastest growing and one of the most damaging types of cybercrime. As we scoured the web for updated trends and statistics on ransomware’s impact, we thought it would be helpful to share our findings. If you, or someone you know, are working to characterize the problem for your management team or colleagues — this list may help. Ransomware is everybody’s problem but it is solvable and we are here to help.

Prevalence In 2020: It’s Not Going Away

Whether you’re new to ransomware or a veteran in the field, the numbers of records stolen, budgets drained and businesses crippled are staggering:

  • Ransomware cost businesses $20 billion in 2020 increasing over the 2019 estimate total of $11.5 billion.
  • The average total cost of a 2020 data breach was $3.86 million.
  • New ransomware samples increased 72% in 2020, taking advantage of covid-19 vulnerabilities.
  • Malware is increasingly polymorphic, with 15,224,388 new malware and potentially unwanted applications found in January 2021 alone.
  • In Q4, the average ransom payment was $154,108, while the median ransom payment was $49,450, both decreases from Q3.
  • 59% of consumers would avoid doing business with an organization hit by a cyberattack in the last year.

Initial Access Vectors

  • Email Phishing is the top attack vector, recently overtaking RDP Compromise for the first time, with Software Vulnerability remaining third.
  • One-time links are a phishing trend of the past year. After a user receives a link and clicks on it once, it’s impossible to obtain the same content again to collect evidence.
  • The amount of phishing web resources found and blocked rose above 118% from the global pandemic, lockdown, and subsequent push for online shopping and engagement.
  • 67% of data loss breaches are missed.
  • 50% of MSPs reported that ransomware averted antivirus/anti-malware solutions.

Attack Vectors Vary By The Size Of The Victim

Small businesses have less complex cybersecurity infrastructure that’s easier to penetrate. It’s important to know what methods cyber attackers use to know how to best build your defenses. 

Downtime Costs

  • The average length of downtime following a breach is 21 days, making business interruption costs the largest source of losses.
  • The cost of downtime is nearly 50x greater than the ransom requested:

Cyber Insurance Isn’t Enough

  • Only 10% of organizations with cyber insurance used claims to cover the cost of ransomware or extortion.
  • 1 in 5 organizations found that their cyber insurance policy didn’t cover ransomware.

It’s A Small Business Problem

Headlines can be deceiving – they prefer to highlight larger companies and vital service industries made victim – while masking the more common ransomware target of small businesses.

  • More than half of all cyberattacks are committed against small-to-midsized businesses (SMBs), and 60% of them go out of business within six months of falling victim to a data breach or hack.
  • 3 in 5 SMBs and 4 in 5 MSPs were targeted by ransomware attacks.
  • 70% of ransomware incidents were companies with under 1000 employees and under $50 million in revenues.
  • In Q4, the median number of employees at the companies who fell victim was 234, up 39% from Q3 2020.
  • Small companies are much less likely to have adequate backups or the financial resources to make a full recovery following a ransomware attack.
  • Of small businesses hit with a data breach, 37% suffered financial loss, 25% filed for bankruptcy and 10% went out of business.
  • Small professional services firms make up about 14% of all businesses. Yet, from a ransomware attack perspective, they make up 25% of attacks, or almost double.

While Ransomware Rates Spike So Does The Underground Market For Selling Stolen Credentials

  • 2020 patient records could fetch up to $1000 each on the Dark Web, compared to credit card data prices of $12-20 and bulk email address lists of $100.
  • Intellectual Property, i.e. vaccine research, is expected to be the next high ticket target for 2021 ransomware.
  • $6.2 million in total annual underground sales of stolen credentials, four times the prior year total.

Healthcare Industry

Health care continues to incur the highest industry average total cost of data breaches, followed by other regulated industries like energy, financial services and pharmaceuticals. Those in less regulated industries (i.e. hospitality, media and research) are less attractive targets.

  • In a survey of 168 healthcare IT professionals, 61% said their organizations do not have effective mechanisms in place to detect patient safety issues related to significant security incidents. Ransomware infection results in delayed care, patients being turned away from a hospital and surgeries canceled.
  • In the same survey, only 50% reported that their organizations are conducting end-to-end security risk assessments.  HIPAA requires these missed security risk assessments, albeit not at the depth required to adequately protect from being breached.
  • And, sadly, this year marked the first patient death due to ransomware.

Crypto Crimes Using Bitcoin

  • Cyber-criminals are increasingly using ransomware to illegally drain funds via cryptocurrencies such as Bitcoin and Monero.
  • The number of ransomware attacks increased by 311% from 2019 to 2020, increasing faster than any other category of cryptocurrency-based crime, and totaling just under $350 million.
  • One Ransomware gang threatened Campari for $15M Bitcoin ransom via Facebook ads.
  • Check out the ChainAnalysis argument that ransomware criminals may be a smaller ring than you’d expect, given the number of unique strains currently operating

The Future Of Ransomware

  • Cybercrime around the globe is expected to reach a total of $6 trillion in 2021, with a continued rise to $10.5 trillion by 2025.
  • Cybersecurity Ventures also predicts that a business will receive a ransomware attack every 11 seconds in 2021, up from 40 seconds in 2016.
  • Global ransomware damage costs are predicted to reach $20 billion by 2021, 57x greater than the damages in 2015.
  • In 2021, three factors will increase the percentage of data breaches caused by insider threats (from 25% to 33%): 1) the rapid push of users to remote work 2) employees’ job insecurity; and 3) the increased ease of moving stolen company data. Nearly half of the U.S. workforce is working from home, relying on cloud access to data while opening security blind spots.
  • 70% of consumers believe that businesses aren’t doing enough to secure their personal information.
  • Current discussion addresses the possibility of sanctioning companies who pay demanded ransoms because it encourages terrorism and other criminal activities.
  • 55% of all enterprises state they will be increasing their cybersecurity budgets.

It’s A Solvable Problem!

We train your teams to avoid it and build your defenses against it, while new variants continue to appear.  Reach out to learn about our clear and dependable approach to the problem. You can decide how hands-on (or hands-free) you want your ‘Ransomware Vaccine‘ to operate. Choose our DIY guide or contract our services to bolster your defenses and give yourself peace of mind in this critical area.

Occaecat totam! Illo orci quam! Aliquet dolor excepteur debitis culpa, doloribus aliquip, fugiat nostra penatibus feugiat eiusmod do cras duis, sem, temporibus, ratione tempus pulvinar, conubia. Congue illo repudiandae velit nascetur adipisicing ratione diamlorem! Erat cursus? Taciti. Libero perferendis, aptent, cubilia penatibus? Porttitor possimus deleniti cillum class natus non architecto.

CTO / Principal Engineer


David Hyde-Volpe

CTO / Principal Engineer




Cyber Risk Reduction

Request A Quote

request A consultation

Request A Quote


Business Operations Manager
Certified: GSEC, CompTIA A+
Education: BA, College of William and Mary
Areas of Focus: Project Management, Accounting, Logistics


CTO / Principal Engineer

Certified: GCIH, GSEC, GMON

Education: BS – Chemistry, Clemson University, Completed PhD coursework in Quantum Theoretical Chemistry – Georgia Institute of Technology, Completed PhD coursework in Statistical Mechanical Theoretical Chemistry – Clemson University.

Areas of Focus: Secure Coding, statistical modeling, penetration testing, security architecture


CEO / Principal Engineer
Certified: CISSP, GCIH, PMP, CRISC, CISA, CISM, CCSK; previous certifications include CCNP, CCSP, CCVP, CCDP
Education: University of MD. LaSalle University (BS/MS – Information Systems)
Areas of Focus: BC/DR, Quantitative Risk programs and analysis, 1/CISO and 1/CIO functions, security strategy and architecture

Subscribe to Vizius' newsletter
and access our FREE

Ramsomware Vaccine

Free Impact Assessment