Ransomware Attacks Someone Every 11 Seconds

Cyber Threat Map

*2017-2021 Global Ransomware Statistics
Get Protected
  • United States

    10 healthcare providers not immune from ransomware

    As the Covid-19 pandemic took hold in March 2020, 10 U.S. health care providers were attacked by the Ryuk ransomware group. The ransomware gang banked on the fact the pressing need to access systems and patient files would prompted these frontline workers to pay quickly.

  • France

    €10 million demanded from construction company

    Global construction company Bouygues was compromised by the Maze ransomware. Hundreds of systems were infected, impacting the company’s worldwide operations for several days. According to public sources, the demand of €10 million was not paid.

  • United Kingdom

    Financial technology company forced to pull servers offline

    Finastra, one of the world’s largest fintech companies, suffered a ransomware attack that forced it to temporarily pull critical systems offline. Though the company says there is no evidence that sensitive data was exfiltrated, the attack did disrupt service for many customers.

  • Germany

    Tech giant faces record ransom of $20 million

    German tech giant Software AG was hit by Clop ransomware with a demand for $20 million, one of the largest demands in ransomware history. When negotiations about the payment failed, Clop began leaking sensitive corporate data via the dark web.

  • Denmark

    Hearing Aid Manufacturer Out $95 Million

    One of the world’s largest hearing aid manufacturers, Demant, lost an incredible $95 million to a ransomware infection in Q3 2019 – making it one of the most costly attacks ever.

  • Mexico

    $5 million demanded from Pemex

    The computer systems of Petroleos Mexicanos were given one month to deliver $5 million in ransom following an infection. Luckily the company was able to neutralize the attack without having to pay.

  • 7 out of 10

    companies admit not being ready to respond to an attack


  • 31% of companies

    report experiencing daily cyberattacks


  • $13,000

    is the average ransom demanded from organizations


  • $250,000
    per hour

    is the average cost of unplanned downtime

    *IDC Report

What Is Ransomware?

Ransomware is a specific and extremely harmful type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. The infections block access to your data until you make a ransom payment, at which point you’re supposed to regain access.

In reality, nearly 40% of the victims who pay the ransom never get their data back and 73% of those that pay are targeted again later – which is why everyone must protect against ransomware.

Notorious Ransomware Types

  • Dharma
  • Ryuk
  • Sodinokibi
  • Netwalker
  • Maze

Ransomware’s Connection to Cryptojacking

Cybercriminals are infecting Windows and Linux machines with malware that hijacks computing resources to mine cryptocurrencies without the user’s knowledge. Cryptojacking not only slows computer performance, increases energy costs, and damages hardware, the infection usually injects ransomware to maximize the malware’s profitability.

Thankfully, Acronis automatically detects and stops both ransomware and cryptojackers in real time – outperforming many leading endpoint cybersecurity solutions.

Our Cyber Protection Solutions Save Your Data

  • For Individuals

    Cyber Protect Home Office

    The world’s #1 personal cyber protection solution, independently proven to be the fastest, easiest to use, and most secure.

    Buy Now
  • For Business

    Cyber Protect

    The only solution that natively integrates cybersecurity, data protection and management to protect endpoints, systems and data. Integration and automation provide unmatched protection – increasing productivity while decreasing TCO.

    Buy Now

Proven Protection Against Ransomware

Independent laboratories, cybersecurity analysts, and industry groups agree that Acronis offers the best defense against modern cyberthreats.

Don’t Be a Victim

How Acronis solutions safeguard your data, applications, and systems

  • Using artificial intelligence, Acronis monitors your system in real time – examining the process stack to identify activities that exhibit behavior patterns that are typically seen in ransomware and cryptojacking attacks.

    Detects Attacks
  • If a process tries encrypting your data or injecting malicious code, Acronis immediately stops it and instantly notifies you that something suspicious was found. You can then block the activity or allow it to continue.

    Stops Encryption
  • If any files are altered or encrypted before the attack is halted, Acronis Cyber Protection solutions will automatically restore those files from the backup or cache – almost immediately reversing the affects of any attack.

    Restores Affected Files
  • Modern cyber protection must ensure the safety, accessibility, privacy, authenticity, and security of all data (known as SAPAS). Only Acronis unifies all of the necessary technology – hybrid cloud, AI, encryption, and blockchain – into one easy, efficient, secure solution.

    Five Vectors of Cyber Protection

Securing the Industry

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards

  • ML Contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

Joel S.

Network Administrator

“With the innovative features such as Acronis Active Protection against ransomware, we are implementing the strongest cyber protection on the market today.”

Looking for Help?

Frequently Asked Questions

  • What is ransomware?

    Ransomware is a type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. While there are many ransomware types, a typical attack encrypts the victim’s data and then presents the user with a message that demands a ransom payment – usually in the form of digital currency like Bitcoin or Monero.

    Once the ransom is paid, the criminals are supposed to provide a decryption key – although it’s important to note that nearly 40% of the victims who pay the ransom never regain access to their data.

  • How to prevent ransomware?

    Ransomware is commonly distributed by emails and infected websites. Most ransomware is distributed using a malware infection technique known as “phishing”, in which you receive an email that looks like it is from someone you know or trust. The idea is to trick you into opening an attachment or click on a link within the email, at which point the ransomware is injected into your system.

    Being vigilant and avoiding suspicious links or attachments is the first defense, but cybercriminals are adept at fooling even the most guarded people. Having ransomware protection software defending your system is vital.

    Unfortunately, traditional anti-virus solutions that look for known strains of ransomware cannot keep up with today’s ever-evolving threats. Whether you need ransomware protection for Windows 10 or Mac devices, be sure to use anti-ransomware technology that detects attacks based on suspicious activities, since behaviorally based defenses are much better at identifying and stopping zero-day attacks

  • How to remove ransomware?

    If you are the victim of ransomware, removal is difficult. You essentially have three options.

    First, you can restore your system from a backup. You’ll need to ensure your backup hasn’t been tampered with, however, since new ransomware strains target backup files and backup software.

    The second option is to reformat the hard drive, wipe out all the data (including the infection), and then reinstall the operating system and applications. Without a backup, however, you’ll lose all of your personal data and will still face the threat of future ransomware attacks.

    Finally, you can pay the ransom and hope the decryption key works and your data will be restored. Just remember that 40% of those who pay never regain their data, so preventing an attack before damage is done is a much better approach.

  • Who is behind ransomware?

    Generally, those who develop and distribute ransomware are either organized crime groups or nation-state actors.

    Organized criminals are motivated by extorting as much money as possible. Increasingly they distribute their malware as ransomware kits that anyone can use – even if they don’t have much technical expertise. This ransomware as a service (RaaS) model spreads their software rapidly. The criminals facilitate the payments, decryptions, and other operational requirements, and they take a percentage of the collected ransom.

    Nation-states that rely on ransomware are generally rogue countries that are often under strict sanctions by the international community. Their use of ransomware is both to collect money from victims, and as a way to disrupt the economic, community, and governmental well-being of their rivals.

  • How to decrypt files?

    Given the wide array of ransomware families and the individual strains within those families, how you decrypt data following an attack varies.

    In some cases, there are decrypting software packages available online for certain kinds of ransomware. They can be created either because the strain has been thoroughly studied since it appeared or because a researcher found a flaw in the encryption used by the criminals. If you can determine the type of ransomware that has encrypted your files, you can look to see if a decryptor is available.

    In many cases, however, the popular ransomware strains have such strong encryption that decrypting files is not possible and, for the most part, there are no decryption options for modern ransomware families.

    The better option is to restore your system from a secure backup – which recovers your files and, in the majority of cases, deletes the malware so you do not risk reinfection.

    Ensuring you have a behavior-based ransomware blocker will also prevent future infections.