Ransomware can ruin your day as much as a flood, earthquake, fire, or any other natural disaster. It has the potential to wreck businesses, shut down hospitals, and close schools. And if you're unlucky enough to be affected, it can ruin your finances. But as with apocalyptic events in nature, there are patterns in misfortune, and it's possible to draw patterns and identify high risk areas. With a bit of forward planning, you may even be to avoid catastrophe completely.

So where is most affected by ransomware? Who is typically targeted? And how can you protect yourself?

What Is Ransomware Anyway?

Criminals want your money, and draining your bank account is hard. Criminals persuade victims to hand over their money voluntarily by encrypting essential files on compromised computers.

Unable to conduct business, and losing money every day they're not operating, companies will often pay the criminals to decrypt their machines and allow them to continue trading. Criminals are usually able to access the machines either because of lax security processes or through social engineering attacks.

Who Does Ransomware Target?

line of parked ambulances

Engaging in any criminal enterprise is a risky business, and cybercriminals prefer to hit targets which will net them the largest amount of cash, while exposing themselves to the lowest risk. It makes sense to hit fewer big targets than many small ones. And it's understandable that they prefer to target businesses who are likely to pay, rather than calling law enforcement.

According to research by Comparitech, there were 2,122 ransomware attacks in the United States between 2018 and January 2023. That's a lot, and it's likely that even more went unreported. Even taking this figure at face value, it's more than one ransomware attack every day.

The average figure for each ransom was a staggering $2.3million.

Naturally, as businesses tend to have more money than private individuals, schools, or public bodies, they're seen as the biggest jackpot for hackers. And as they're continually making money, every stoppage costs them more. The largest ransom known to have been paid during this period was a colossal $60 million, paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, digital media including streaming operations, and health and wellness.

In fact, nine of the top 10 ransoms were paid by businesses, and included such prominent names as Kia Motors, Garmin, and EDP Renewables.

The education sector features prominently, with the second-largest ransom—amounting to $40 million—paid by Broward County Public Schools in 2021. The attack was carried out by the notorious Conti group, which has been linked to hundreds of other attacks.

Hospitals and other medical care facilities are prime targets for ransomware attacks, for the simple reason than when hospital computers go offline, patients don't receive the care they need, and people die. Perhaps because the criminals have some conscience regarding people dying as a direct result of their actions, ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000.

Government facilities are also regularly targeted, with state and regional facilities falling victim. Because of their stricter budgets, local government agencies have limited IT security resources, and often run outdated software, making them easier targets. But this also means that they're substantially lower paying than businesses with a mean haul of a meager half million dollars.

Where Do Ransomware Attacks Take Place?

LA city of angels intersection

Ransomware attacks take place anywhere that criminals think they can make an easy buck, and attacks tend to be concentrated in areas where there is a high concentration of wealth and businesses with a high turnover.

In the US, this means the east coast including Washington DC, Maryland, Delaware, and New York; the north-west coast including California, and Seattle; and major regional hubs such as Chicago, Illinois. Most of those attacks are on businesses, but that doesn't mean the rest of the US is immune. Less wealthy states have a much greater proportion of attacks on healthcare and government. Again, this is likely because of lower budgets for IT departments.

No US state was left unaffected by ransomware attacks between 2018 and January 2023, although some proved either less attractive or more resilient to criminals. Overall, Wyoming had the lowest number of reported attacks, with one ransomware incident at Carbon Power and Light, and two attacks on healthcare facilities.

Protect Yourself From Ransomware Attacks With Common Sense

Ransomware is scary, but like designing for flood defenses or forest fires, there are steps you can take to protect yourself from becoming a victim. Here are our best tips:

  • Take regular backups and store them securely: If the worst happens and your entire file system is encrypted, that's a huge deal. It's less of an issue if you take daily or weekly backups of your system and remove them from your network so they can't be affected by ransomware too. You will have lost a day or a week's worth of data, but that's preferable to all your information.
  • Keep your systems updated: Vulnerabilities are discovered in software every day. These flaws can be exploited to penetrate and compromise your systems. Always apply the latest security patches, and make sure your system is as safe as can be.
  • Train your staff: The biggest vulnerability in any system is the human factor. Humans can fall victim to phishing and spearphishing attacks; they can have weak passwords; they can be exploited. All of these factors can give attackers the gateway they need to compromise, encrypt, and ransom your system.
  • Employ a good antivirus: Most ransomware is deployed via Trojans or other unauthorized software on your system. A decent antivirus suite will detect these programs before they can get to work. These can be expensive, but are well worth it when you consider the potential cost.

Can You Trust Ransomware Attackers?

Ransomware is bad, but at least you're reassured that if you pay the money, your system will be restored to normal working order, and you'll be able to resume business as usual... right? This isn't always the case. Sometimes what appears to be ransomware is actually fake ransomware: your files have been encrypted, but the criminals responsible will never decrypt them.