Ransomware caused hundreds of billions of dollars of economic damage in 2020.
As the world struggled to navigate the challenges of the pandemic, ransomware gangs thrived, with the increased adoption of data exfiltration helping create a lucrative year for the criminals – and a costly and extremely disruptive year for victims.
The average ransom demand grew by more than 80 percent. Globally, a minimum of $18 billion was paid in ransoms, while the cost of downtime in the private and public sectors added billions more in costs.
The statistics below show the devastating economic toll ransomware has taken in a number of key markets. The data includes ransom demands, the cost of downtime, and the overall global cost of ransomware, as well as separate statistics focused on the public and private sectors.
The statistics are based primarily on submissions to ID Ransomware and the calculation method is explained at the end of the report. All costs are stated in USD.
Country-by-country breakdown – Home users included
Ransom demand costs only
Country | Total Submissions | Minimum Cost (USD) | Estimated Costs (USD) |
United States | 23,661 | $920,353,010 | $3,682,228,067 |
Italy | 9,226 | $346,729,130 | $1,387,389,097 |
Spain | 8,475 | $298,254,459 | $1,193,709,500 |
France | 7,824 | $283,816,080 | $1,135,795,109 |
Germany | 7,138 | $252,609,210 | $1,011,001,498 |
U.K. | 4,788 | $169,182,845 | $677,113,461 |
Canada | 4,257 | $164,772,274 | $659,246,267 |
Australia | 2,775 | $105,978,531 | $424,034,780 |
Austria | 1,254 | $46,643,868 | $186,645,857 |
New Zealand | 399 | $14,230,333 | $56,951,495 |
TOTAL (All countries) | 506,185 | $18,658,009,233 | $74,632,036,933 |
Private and public sector-only – Home users excluded
Ransom demand costs only
Country | Total Submissions | Minimum Cost (USD) | Estimated Costs (USD) |
United States | 15,672 | $596,436,809 | $2,385,747,238 |
France | 4,476 | $159,738,887 | $638,955,546 |
Spain | 4,088 | $151,309,229 | $605,236,914 |
Italy | 3,835 | $147,376,932 | $589,507,727 |
Germany | 3,747 | $132,558,050 | $530,232,201 |
Canada | 3,236 | $123,697,351 | $494,789,403 |
U.K. | 2,718 | $93,475,142 | $373,900,568 |
Australia | 2,072 | $79,951,174 | $319,804,695 |
Austria | 819 | $32,252,920 | $129,011,681 |
New Zealand | 265 | $9,906,552 | $39,626,209 |
Total cost: ransom demand costs + downtime costs
Country | Total Submissions | Minimum Cost (USD) | Estimated Costs (USD) |
United States | 15,672 | $4,893,699,209 | $19,574,796,838 |
France | 4,476 | $1,387,058,087 | $5,548,232,346 |
Spain | 4,088 | $1,272,238,829 | $5,088,955,314 |
Italy | 3,835 | $1,198,933,932 | $4,795,735,727 |
Germany | 3,747 | $1,159,985,450 | $4,639,941,801 |
Canada | 3,236 | $1,011,008,551 | $4,044,034,203 |
U.K. | 2,718 | $838,750,742 | $3,355,002,968 |
Australia | 2,072 | $648,093,574 | $2,592,374,295 |
Austria | 819 | $256,822,720 | $1,027,290,881 |
New Zealand | 265 | $82,569,552 | $330,278,209 |
Conclusion
While all figures contained in this report are based on the best information currently available, truly accurate projections are impossible due to limited datasets and information sharing limitations, the absence of incident disclosure requirements, etc.
Consequently, this report is not intended to be an accurate estimate of the true global cost of ransomware. Instead, it’s simply intended to highlight the scale of the problem.
Calculation methods and assumptions
- The number of incidents is derived from submissions to ransomware identification service ID Ransomware. Every submission to this service represents a confirmed incident, and there were a total of 506,185 submissions during 2020. These include the Djvu strain of ransomware called STOP.
- We believe that only approximately 25 percent of public and private sector organizations affected by ransomware use ID Ransomware. Accordingly, we have provided two estimates: a minimum cost based on the actual number of submissions and an estimated cost based on that number multiplied by 4.
- The average ransom payment is $154,108 except in STOP cases. In STOP cases, the average demand is $490 [1]
- 27 percent of impacted organizations pay the ransom demand. [2]
- The average total cost of downtime per incident is $274,200. [3]
Sources
- [1] Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands – Coveware
- [2] 2020 CrowdStrike Global Security Attitude Survey – CrowdStrike
- [3] Ransomware and the Cost of Downtime – Datto