- 57% of all ransomware attacks tracked by the company in 2020 took place in the US
- Ransom payments in 2020 average roughly $176,000 per victim
- In 2020, ransomware operators focused almost exclusively on organizations staffing tens of thousands of employees
A recent look at the state of ransomware in 2020 reveals that the US has seen more targeted attacks than any other country. In fact, all other countries combined haven’t suffered enough attacks to equal the States.
Research from BlackFog shows several interesting (and worrying) trends in the lucrative ransomware market. Right off the bat, the MSSP says 57% of all ransomware attacks tracked by the company in 2020 took place in the US.
Australia takes a distant second place, with 7% of attacks. Canada follows with 6%, then the UK with 5% and Germany with 4%. France, Italy, Japan and Italy have a combined share of just 2%, while the rest of the world makes up the remaining 14%.
From an industry perspective, government was the primary target this year, drawing 34% of the attacks, followed by manufacturing (33%), education (29%), healthcare (24%) and general services (23%).
Many victims unfortunately continue to cave into attackers’ demands. In the fourth quarter of 2019, victims paid $45,000 on average to extortionists to unlock their data. Six months later, in Q2 2020, victims were paying up to $180,000 on average. Overall, ransom payments in 2020 average roughly $176,000 each.
Most of the attacks were claimed by infamous groups like Maze (17%), REvil/Sodinokibi (16%), NetWalker (14%) and Ryuk (13%), together making up 60% of ransomware attacks throughout the world in the past year.
And their demands are not unimpressive either. The average demand following a Maze attack is $420,000. The Ryuk gang is slightly more permissive with its victims, asking $282,590 on average. NetWalker’s average ransom demand is $176,910, according to the data.
Notably, the research indicates that ransomware operators – at least the big ones – almost exclusively focus on organizations staffing tens of thousands of employees. In the months of February and June, for example, the data indicates that ransomware actors targeted organizations with an average 37,000 or more employees.