Ransomware Attacks Someone Every 11 Seconds

Cyber Threat Map

*2017-2019 Global Ransomware Statistics
Get Protected
  • United States

    Government Offices Crippled by Ransomware

    City offices, school districts, port authorities, and other government agencies are getting hit hard. It cost Riveria Beach, Florida more than $1.5 million to recover from just one attack.

  • Singapore

    SMEs Are Not Prepared

    When 99% of Singapore’s economy is comprised of small-to-medium enterprises (SMEs), the fact that over 30% of SMEs suffered a ransomware attack in 2018 is a wake-up call for strengthening defenses.

  • Belgium

    Aerospace Manufacturer Grounded for Weeks

    In June 2019, the giant Belgian airplane parts maker ASCO sent 1,000 employees home for more than a week as it struggled to restore critical systems frozen by a ransomware attack.

  • United Kingdom

    The Top Target Country for Cybercriminals in 2019?

    While global ransomware attacks increased 15% year-over-year during the first half of 2019, the United Kingdom saw a 200% increase – that is more than 6.4 million attacks.

  • Netherlands

    Hospitals Stricken by Ransomware

    In a survey of 25 Dutch hospitals, 15 had attacks in the past three years. Another 20 hospitals refused to answer the survey because they feared being targeted by hackers.

  • Denmark

    Hearing Aid Manufacturer Out $95 Million

    One of the world’s largest hearing aid manufacturers, Demant, lost an incredible $95 million to a ransomware infection in Q3 2019 – making it one of the most costly attacks ever.

  • Mexico

    $5 million demanded from Pemex

    The computer systems of Petroleos Mexicanos were given one month to deliver $5 million in ransom following an infection. Luckily the company was able to neutralize the attack without having to pay.

  • 7 out of 10

    companies admit not being ready to respond to an attack


  • 93% of organizations

    were attacked in the past three years alone

    *IDC Report

  • $13,000

    is the average ransom demanded from organizations


  • $250,000
    per hour

    is the average cost of unplanned downtime

    *IDC Report

What Is Ransomware?

Ransomware is a specific and extremely harmful type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. The infections block access to your data until you make a ransom payment, at which point you’re supposed to regain access.

In reality, nearly 40% of the victims who pay the ransom never get their data back and 73% of those that pay are targeted again later – which is why everyone must protect against ransomware.

Notorious Ransomware Types

  • Sodinokibi
  • GandCrab
  • WannaCry
  • Petya
  • Ryuk
  • Bad Rabbit
  • Impact:

    Sodinokibi Ransomware

    Sodinokibi is allegedly distributed by attackers affiliated with those that distributed the infamous GandCrab ransomware. Sodinokibi avoids infecting computers from Iran, Russia, and other countries that were formerly part of the USSR. Sodinokibi uses an Elliptic Curve Integrated Encryption Scheme (ECIES) for Key generation and exchange (Elliptic-curve Diffie-Hellman key exchange algorithm). This ransomware uses AES and Salsa20 algorithms to encrypt session keys and user’s files respectively, AES is also used to encrypt network data that is sent to the control server. The ransomware generally demands around 0.32806964 BTC (≈ $2,500) to regain access to the encrypted files.

    In the News
    Find out more about Sodinokibi on Acronis
  • Impact:

    GandCrab Ransomware

    GandCrab ransomware was discovered near the end of January 2018. It is distributed as part of Ransomware-as-a-Service (RaaS) and soon became the most popular and widespread ransomware. GandCrab is also the first ransomware that demands payment in DASH cryptocurrency and utilizes the “. bit” top level domain (TLD). This TLD is not sanctioned by ICANN and it therefore provides an extra level of secrecy to the attackers. GandCrab uses RSA-2048, AES-256 and RC4 encryption for encrypting AES keys and User’s data and Network traffic data respectively. The authors of GandCrab ransomware were very actively updating and releasing different versions of GandCrab to keep up with evolving security challenges. After a year of tremendous success for the attackers, they finally announced the shutdown of GandCrab operations around the start of January 2019. According to a post made on a hacker forum, GandCrab made $2 billion in total and the authors personally made around $150 million from the operation.

    Find out more about GandCrab on Acronis
  • Impact:

    WannaCry Ransomware

    Unlike many ransomware attacks, WannaCry was not spread by spam email. It became the fastest spreading attack – affecting 300,000 computers in more than 150 countries – by taking advantage of a vulnerability in Windows using an exploit leaked from the U.S. National Security Agency called EternalBlue.

    In the News
  • Impact:

    Petya Ransomware

    Remember that if you pay cybercriminals to regain access to your data, there’s no guarantee that you’ll get the decryption key. In fact, one report estimates that of victims who have paid the ransom, only 47 percent ever received the decryption key.

    Find out more about Petya on Acronis
  • Impact:

    Ryuk Ransomware

    Ryuk is allegedly linked to the state sponsored hacking group Lazarus and the earlier Hermes variant of ransomware. Unlike common ransomware strains that are distributed via massive spam campaigns and exploit kits, Ryuk is mostly used in targeted attacks. Ryuk’s earning crossed over $700,000 after just a few months of operation, indicating how successful their strategy has been. Ryuk uses process injection techniques to hide itself from AV solutions. Ryuk uses a three-tier encryption model where encryption keys are encrypted using RSA encryption and AES encryption is used to encrypt user’s files. Ryuk has infected very high-profile targets and demanded insanely huge ransom amounts, in the order of millions of dollars.

    In the News
  • Impact:

    Bad Rabbit Ransomware

    Bad Rabbit is a variation of Petya (or GoldenEye) that hackers modified. Unfortunately traditional anti-virus solutions rely on “signatures” to identify ransomware, so if it’s a new strain it may not be recognized. That’s a problem since there’s a 400 percent growth in new strains each year.

Ransomware’s Connection to Cryptojacking

Cybercriminals are infecting Windows and Linux machines with malware that hijacks computing resources to mine cryptocurrencies without the user’s knowledge. Cryptojacking not only slows computer performance, increases energy costs, and damages hardware, the infection usually injects ransomware to maximize the malware’s profitability.

Thankfully, Acronis automatically detects and stops both ransomware and cryptojackers in real time – outperforming many leading endpoint cybersecurity solutions.

Our Cyber Protection Solutions Save Your Data

  • For Home

    True Image 2021

    The world’s #1 personal cyber protection solution, independently proven to be the fastest, easiest to use, and most secure.

    From 49.99 €

    Buy Now
  • For Business

    Cyber Backup

    Delivering modern cyber protection for 20+ platforms, it’s the most secure solution for businesses of all sizes.

    From 75 €

    Try Free for 30 Days

Proven Protection Against Ransomware

In three separate studies, independent testing lab NioGuard Security Labs determined Acronis offered the best defense against modern cyberthreats.

Don’t Be a Victim

How Acronis solutions safeguard your data, applications, and systems

  • Using artificial intelligence, Acronis monitors your system in real time – examining the process stack to identify activities that exhibit behavior patterns that are typically seen in ransomware and cryptojacking attacks.

    Detects Attacks
  • If a process tries encrypting your data or injecting malicious code, Acronis immediately stops it and instantly notifies you that something suspicious was found. You can then block the activity or allow it to continue.

    Stops Encryption
  • If any files are altered or encrypted before the attack is halted, Acronis Cyber Protection solutions will automatically restore those files from the backup or cache – almost immediately reversing the affects of any attack.

    Restores Affected Files
  • Modern cyber protection must ensure the safety, accessibility, privacy, authenticity, and security of all data (known as SAPAS). Only Acronis unifies all of the necessary technology – hybrid cloud, AI, encryption, and blockchain – into one easy, efficient, secure solution.

    Five Vectors of Cyber Protection

Securing the Industry

  • Proud member of AMTSO

    As part of the Anti-Malware Testing Standards Organization (AMTSO), Acronis is helping to develop proper standards for testing security solutions, and we participate in tests that adhere to AMTSO’s standards

  • ML Contributor to VirusTotal

    Membership in AMTSO allowed Acronis to contribute our Machine Learning engine to VirusTotal, enabling all users around the world to benefit from our technology’s ability to detect various online data threats.

Joel S.

Network Administrator

“With the innovative features such as Acronis Active Protection against ransomware, we are implementing the strongest cyber protection on the market today.”

Looking for Help?

Frequently Asked Questions

  • What is ransomware?

    Ransomware is a type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. While there are many ransomware types, a typical attack encrypts the victim’s data and then presents the user with a message that demands a ransom payment – usually in the form of digital currency like Bitcoin or Monero.

    Once the ransom is paid, the criminals are supposed to provide a decryption key – although it’s important to note that nearly 40% of the victims who pay the ransom never regain access to their data.

  • How to prevent ransomware?

    Ransomware is commonly distributed by emails and infected websites. Most ransomware is distributed using a malware infection technique known as “phishing”, in which you receive an email that looks like it is from someone you know or trust. The idea is to trick you into opening an attachment or click on a link within the email, at which point the ransomware is injected into your system.

    Being vigilant and avoiding suspicious links or attachments is the first defense, but cybercriminals are adept at fooling even the most guarded people. Having ransomware protection software defending your system is vital.

    Unfortunately, traditional anti-virus solutions that look for known strains of ransomware cannot keep up with today’s ever-evolving threats. Whether you need ransomware protection for Windows 10 or Mac devices, be sure to use anti-ransomware technology that detects attacks based on suspicious activities, since behaviorally based defenses are much better at identifying and stopping zero-day attacks

  • How to remove ransomware?

    If you are the victim of ransomware, removal is difficult. You essentially have three options.

    First, you can restore your system from a backup. You’ll need to ensure your backup hasn’t been tampered with, however, since new ransomware strains target backup files and backup software.

    The second option is to reformat the hard drive, wipe out all the data (including the infection), and then reinstall the operating system and applications. Without a backup, however, you’ll lose all of your personal data and will still face the threat of future ransomware attacks.

    Finally, you can pay the ransom and hope the decryption key works and your data will be restored. Just remember that 40% of those who pay never regain their data, so preventing an attack before damage is done is a much better approach.

  • Who is behind ransomware?

    Generally, those who develop and distribute ransomware are either organized crime groups or nation-state actors.

    Organized criminals are motivated by extorting as much money as possible. Increasingly they distribute their malware as ransomware kits that anyone can use – even if they don’t have much technical expertise. This ransomware as a service (RaaS) model spreads their software rapidly. The criminals facilitate the payments, decryptions, and other operational requirements, and they take a percentage of the collected ransom.

    Nation-states that rely on ransomware are generally rogue countries that are often under strict sanctions by the international community. Their use of ransomware is both to collect money from victims, and as a way to disrupt the economic, community, and governmental well-being of their rivals.

  • How to decrypt files?

    Given the wide array of ransomware families and the individual strains within those families, how you decrypt data following an attack varies.

    In some cases, there are decrypting software packages available online for certain kinds of ransomware. They can be created either because the strain has been thoroughly studied since it appeared or because a researcher found a flaw in the encryption used by the criminals. If you can determine the type of ransomware that has encrypted your files, you can look to see if a decryptor is available.

    In many cases, however, the popular ransomware strains have such strong encryption that decrypting files is not possible and, for the most part, there are no decryption options for modern ransomware families.

    The better option is to restore your system from a secure backup – which recovers your files and, in the majority of cases, deletes the malware so you do not risk reinfection.

    Ensuring you have a behavior-based ransomware blocker will also prevent future infections.