Malware, Ransomware & Phishing – 60 Facts and Stats You Must Know!

Malwares affect us all. We have become increasingly dependent on technology and, therefore, a lot more susceptible to malware intrusions.

The people behind these malwares are continually coming up with stronger malware and creative ways of injecting them into the victim’s computer. The situation is a lot graver than what many realize.

While it is nearly impossible to stop the influx of malware, one can always take preventive measures to stay out of their reach. Being aware of what’s happening in the malware is among the better methods of protection from them.

If one is aware of what can hit them, they might be able to prepare better for a possible attack. This article will help you expand your knowledge base for malware.

Some of the points might help you realize the potential threats you might face while others might give you an idea of the potential damage those threats can cause. Some of the facts might entice you into looking more into the world of malware, and some might make you go back and see if your antivirus system is up-to-date or not.

The broader stats

Let us begin with some raw numbers and charts. Various cybersecurity ventures and enthusiasts keep coming up with data to throw some light on what is happening in the world of malware. While most of this information is usually frightening, it can help one better understand and predict the trends.

We have cherrypicked a handful of such information to give you a glimpse into what’s happening in the world of cybersecurity.

1. Phishing, malware, and social engineering top the chart

The three major kinds of attacks that a user may face are phishing, malware, and social engineering. This has been the case for 3 consecutive years now. The share between phishing, malware, and social engineering is 44%, 31%, and 27%, respectively.

(Source: Isaca)

2. The greatest number of cyberattacks were reported in North America

43% of the cyberattacks reported last year were from North America. But this should not be confused with the number of cyberattacks that happened. There can be some correlation between the total number of attacks and this stat, but the ratios can fluctuate. A significant number of cyberattacks are left unreported. Europe accounted for 25% of the reported cyberattacks.

(Source: Isaca)

3. 28% of all reported cybercrimes were directed at technology services/consulting industry

The industry seems to attract a lot of cybercriminals. The banking sector was the next most affected industry, with a 20% share followed by government agencies at 10% of all the cyber crimes reported.

(Source: Isaca)

4. The number of malware incidents is getting lower whereas phishing is at its all-time high

Google’s transparency report tells that malware-ridden websites have been on a continuous decline since 2017. However, the number of phishing websites has increased at an exponential rate in this period. Cybercriminals seem to be relying more on phishing rather than trying to insert malware.

(Source: Google’s Transparency report)

5. 65% cyberattacks are directed at small and medium businesses

Cybercriminals are swaying more towards small and medium businesses. Such organizations don’t usually have enough resources to be prepared for the more sophisticated attacks. It makes them easy prey, and the trends reflect the same.

(Source: Cybint)

6. Potentially unwanted application (PUA) made up for only 13.89% of all cyber threats

Malware makes up for most computer threats. The numbers shown by AV-TEST say that 86.11% threats recorded last year were all malware.

(Source: AV-TEST)

7. There has been a 56% increase in web attacks

The internet security threat report published by Symantec revealed that there had been an increase of 56% in the cyberattacks. The growth seems exponential and equally bad news for users and cybersecurity officials.

(Source: Symantec)

8. Cybercriminals are targeting businesses for a bigger payoff

There was a 79% increase in malware detections for businesses as hackers realized that they could make bigger money by targeting businesses rather than individuals.

(Source: Malwarebytes)

9. The first computer virus was discovered on a Mac

This might be surprising for a lot of ‘i-users’ out there. A computer virus called Elk Cloner was discovered on a Mac back in 1982. The first PC-based malware called Brain was released in 1986.

(Source: Livewire)


Malware isn’t supposed to be confused with other cyber-threats. It does encompass a wide range of sub-sections of digital threats, and we have a dedicated section to explain the nomenclature.

For now, this section will give you an idea of how malware is currently wreaking havoc in the digital world. It not only causes monetary damage but intellectual and sometimes physical, as well.

The rate of malware attacks is growing at an alarming rate. And with new kinds of malware showing up now and then, the cybersecurity industry is always on its toes.

Here are a few facts to enlighten you more on the matter.

10. SonicWall recorded 10.52 billion malware attacks in 2018

2018 saw an exceptional rise in malware attacks. The numbers of malware recorded reached 10.52 billion, breaking all the previous records. However, the number dipped significantly in the next year. Similar trends appeared in other cybersecurity reports confirming the decrease in number of malware attacks in 2019.

(Source: Sonic Wall)

11. United States reported more cyberattacks than any other country even after a 17% decrease

The US continues to be the most malware affected country. The silver lining is that the number of attacks has reduced compared to the previous year. The trend was similar in other countries, with a few exceptions of India, Switzerland, and the Netherlands.

(Source: Sonic Wall)

12. Emails are still the most common vector for spreading malware

One of the toughest parts of the job for a hacker is to transmit and execute the malware on the user’s device. It usually requires someone to run the malware on the device. Emails turn out to the best way of making someone click on a malicious file. They would often obfuscate the malware with a usual format such as ZIP, PDF, DOC, etc.

(Source: IT Pro Portal)

13. 32.77% of the world’s computers were infected by some malware

A report released in 2014 stated that nearly one-third of computers across the world are dealing with a malware of some type. The period saw the detection of multiple new malware types, and trojan horses were the table toppers.

(Source: TechNewsWorld)

14. There is a 14% increase in malware activity compared to the previous year

AV-TEST recorded a 14% increase in malware activity in 2019 as compared with 2018. The number is expected to increase since there was still one month left in 2019 at the time of writing this article. The rate of increase in malware activity per year seems to be reaching a plateau, but the growth is still significant.

(Source: AV-TEST)

15. The kinds of macOS malware tripled

The Apple ecosystem is considered a safer bet compared to a malware-ridden Windows and Android section. But recent trends show that cybercriminals are getting more interested in macOS. There was a nearly three times increase in number of malware samples for macOS in the year 2018.

(Source: AV-TEST)

16. Mobile phones are getting safer

SecureList reported almost 1 million fewer mobile malware detections as compared to the second quarter of 2018. The trends have been steady, and one can feel relatively safer using mobile phones if they adhere to safe practices.

(Source: SecureList)

17. 28.31% mobile users in Iran are affected by mobile malware

Iran is the most affected country by mobile malware. The stats showed that it had the highest percentage of mobile users affected by malware on their phones. 9.92% users in USA experienced a mobile malware attack.

(Source: Kaspersky)

18. A new malware is released every 7 seconds

Cybercriminals are churning out malware at a rate that we have never experienced before. The sheer volume of malware released every year is a growing concern in cybersecurity communities.

(Source: G DATA)

19. Malware attacks are burning holes in pockets of organizations

Malware costs an average of $2.6 million to an organization each year. This is an increase of 11% compared to the figures from previous year data. This is much higher compared to other cyber threats that an organization faces. Web-based attacks and DDoS follow malware in the list of most expensive cyber threats for organizations.

(Source: Accenture)

20. At the current rate, mobile malware will become a billion-dollar industry by 2020

With the continuous increase in the number of mobile internet users across the world and the influx of more sophisticated mobile malware, cybercriminals might cause damage of as much as $1 billion.

(Source: McAfee)


Ransomware is among the most widely discussed cyber-attacks of all time. It affected institutions and individuals across the world in its prime. It is still a significant threat to for everyone with new forms of ransomware coming in the mix.

Ransomware would encrypt the data and then demand a ransom if the owner wishes to regain control of the data. People had no clue of what to do when the ransomware wave hit the world back in 2016. Cybersecurity experts preach not to give up to their demands as it will only motivate them to keep coming back.

Keeping the backup of the information stored on a remote drive is among the best ways to deal with this threat.

21. Ransomware attacks grew by 118% in the first quarter of 2019

McAfee’s quarterly report suggested ransomware actors are getting more active. It also discussed how cybercriminals are moving towards other vectors instead of relying on mass campaigns. The trend doesn’t bring good news for businesses.

(Source: McAfee)

22. Global ransomware damages will be $20 billion by 2021

It seems like we are going to keep hearing about ransomware. It is predicted that there will be $20 billion in damages by the year 2021. It will be a 57 percent increase compared to what the associated cost was in 2015.

(Source: Cybersecurity Ventures)

23. Ransomware decreases in volume but still producing hefty amounts for cybercriminals

The average cost of ransom increased to $36,295 in the second quarter of 2019. This is a 184% increase compared to what the number was in the previous quarter.

(Source: Coveware)

24. Average downtime because of ransomware is 9.6 days

The average number of days needed to resolve an issue is almost 10 days in the second quarter of 2019. It is more than a 30% increase compared to the previous quarter. The increase can mostly be attributed to the introduction of more sophisticated ransomware.

(Source: Coveware)

25. Ransomware is expected to attack a business every 11 seconds by the end of 2021

According to predictions by Cybersecurity Ventures, there will be a ransomware attack on a business every 14 seconds by the end of 2019, and the same number will reduce down to 11 by the end of 2021.

(Source: Cybersecurity Ventures)

26. FedEx lost $300 million to NotPetya

NotPetya, the ransomware, which is believed to be originated in Ukraine, caused a $300 million loss to the package delivery giant. NotPetya affected a lot of businesses and individuals around the world, but FedEx is among its biggest clients.

(Source: Reuters)

27. Government, manufacturing, and healthcare industries have been the biggest targets of ransomware

Ransomware actors are targeting bigger and data-sensitive organizations more than anyone else. It makes these sectors a juicy target for those behind ransomware. Government, manufacturing, and healthcare comprised 27%, 20%, and 14% of all the ransomware incidents in the first half of 2019.

(Source: Trend Micro)


Not every cybercriminal needs to be an expert hacker or programmer. Some take advantage of human psychology and fool their victims into taking the wrong step. Con artists have been around since time unknown, and phishing is the digital version of it.

Emails, fake websites, and fake advertisements are some of the vectors used by phishing scammers. One should exercise both common sense and extreme precaution to stay safe from such threats. The knowledge of different ways in which phishing scammers operate can also turn out to handy and prevent one from becoming a victim.

28. 59% phishing attacks are for financial gains while the rest of them are for espionage

A significant portion of phishing acts is meant for espionage. The stat throws some light on the ever so increasing use of cyberwarfare. The report also said that 70% of all the breaches associated with a nation state or state-affiliated actors involved fishing.

(Source: Verizon)

29. Number of phishing attacks increased by 36% in 2018

Webroot Threat Report for the year 2019 reported a 220% increase in the number of phishing sites detected. The trend reflected in the number of attacks too. 36% more phishing attacks were there as compared to 2017.

(Source: Webroot)

30. Microsoft is the most preferred brand of phishing criminals

Microsoft is the most duped brand for phishing attacks. Attackers often send out emails intended to gain Microsoft account credentials of a user, which can then lead to loads of trouble for the user. PayPal falls second in the list followed by Facebook at third.

(Source: Vada Secure)

31. One in ten URLs are malicious

10% of the URLs you encounter on the web are malicious. Browsers such as Chrome help the user to identify which sites can be potentially harmful. It even blocks some of these sites automatically.

(Source: Symantec)

32. 48% of malicious email attachments are office files

Hackers are still finding it much easier to bait the users into executing malware by veiling them under office files and attachments. While the use of email saw a 5% increase, nearly half of malicious emails had office files as attachments.

(Source: Symantec)

33. 93% of the phishing domains had an HTTPS website

93% of the phishing domains discovered by Webroot between September and October of 2018 had an HTTPS site. The stat is rather alarming and shows how cybercriminals are leaving no stone unturned to fool users.

(Source: Webroot)

34. 71% of groups use spear-phishing emails as the infection vector

Injecting the malware into the system is among the most difficult tasks for cybercriminals. They are becoming increasingly reliant on spear-phishing emails to introduce the malware into the system. They find it easier to fool humans in an organization to spread the corrupt software, and the trick seems to be working for them at the moment.

(Source: Symantec)

35. 64% of organizations experienced a phishing attack in 2017

Phishing attacks are getting more targeted and organized. 64% of organizations reported experiencing a phishing attack in 2017. With the current trends, it seems like the number is only going to increase in the future.

(Source: Check Point)

36. 1.5 million phishing websites are created each month

The growing number of phishing websites on the internet is a huge concern for all users. One of the ways attackers fool users is that they would dupe webpages of some of the famous brands and lure the user into either downloading a file or filling in the credentials.

(Source: Webroot Threat Report)


Formjacking is an emerging cyber threat that people across the world are facing. The hackers would compromise the website such that they get to access all the sensitive information that the users on it.

Once the information is lost, the user can get into a lot of trouble. Identity theft and monetary gains are the biggest reasons behind such attacks. Additional mechanisms such as 2FA help one minimize the loss against such a fraud.

37. Formjacking compromises more than 4800 websites each month

Formjacking has become an increasingly popular method among cybercriminals. More than 4800 unique websites get affected by formjacking each month.

(Source: Symantec)

38. Formjacking can cause a loss of $2.2 million per month with just 10 credit cards per site

One can easily sell stolen credit card details for $45 on darknet marketplaces. And at the current rate of form jacking, even 10 stolen credit cards per website can fetch cybercriminal $2.2 million each month.

(Source: Symantec)

39. 4,818 unique websites were affected every month by formjacking in 2018

Cybercriminals are finding it much more convenient to sweep out payment-related info of users. The increase in number of websites affected by formjacking is indicative of the fact that it can pose to be serious cybersecurity concern in the coming future.

(Source: Business Today)

40. Hackers might’ve made $17 million from British Airways formjacking attack

The British Airways breach, which led to details stolen of 380,000 cards, might’ve earned cybercriminals $17 million. This estimation comes from the usual rate of stolen credit card details on the dark web. It was equivalent to adding insult to the injury when the airlines were fined £183 million for the data breach.

(Source: Symantec, Independent)


Cryptocurrency used to be only a mean for cybercriminals to stay in the shadows. Payments on darknet marketplaces, the ransom from ransomware, and other kinds of illegal transactions got a boost from cryptocurrency.

The antisocial elements on the internet are now illegally mining this digital currency. Mining cryptocurrency from the internet requires significant computing power. One needs to bear the hefty electricity bills along with the costs for better computer hardware.

Cryptojakckers would bypass this cost of mining by making the devices of their victims do all the leg work. Since the load gets distributed among multiple clients, the victims barely notice the activity happening in the background.

With the decrease in the value of cryptocurrency these days, more and more miners are now moving toward cryptojacking, as its barely a profitable business if one bears all the associated expenses.

41. Cryptojacking reduced with plummeting values of cryptocurrency

Cryptojackers seem to be demotivated by the continuously decreasing value of cryptocurrencies. There was a 52% decrease in cryptojacking incidents in the year 2018. However, one can expect more cryptojacking incidents if the value of digital currency soars up again.

(Source: Symantec)

42. Cryptojacking is now more popular than ransomware among cybercriminals

With organizations applying safeguards against ransomware, cybercriminals are now moving towards another avenue to make some money. Cryptojacking isn’t necessarily malicious for the user’s device and rarely comes under notice. Trends point out more and more hackers now moving towards cryptojacking.

(Source: Forbes)

43. The first reported instance of a cryptojacker getting prison sentence comes from Japan

Yoshida Shinkaru might be the first person to get a prison sentence for being involved in cryptojacking. The 24-year-old hid the mining tool in an online gaming cheat tool. There were approximately 90 downloads of the tool from his blog, and he was able to mine cryptocurrency worth $45.

(Source: ZD Net)

44. Small and medium businesses bear the weight of nearly 83% of the cryptomining traffic

Since small and medium businesses generally can’t bear the cost of robust cybersecurity installations, they turn out to be easy prey for cryptojackers. Large enterprises are very much capable of keeping such dangers at bay.

(Source: Kaspersky)

45. 62% of the cryptomining traffic is from the US

Cryptojackers seem to be specifically targeting the United States. The country accounts for way more cyrptomining traffic than any country else. The next two countries topping the table are Canada and South Africa, with a traffic share of 2% each.

(Source: Kaspersky)

The most noticeable malware attacks

There are a few malware attacks that changed perceptions of cybersecurity. These attacks either affect a large part of the globe, or they are extremely efficient at doing the job they are supposed to do.

We have mentioned a few malware attacks that caught global attention. While most of these attacks had a damaging effect, they left the victims and cybersecurity industry with some lessons to learn.


This is the name of the virus, which caused digital mayhem in the year 2000. The virus was launched from Philippines by a 24-year-old Onel de Guzman. He later claimed that he created virus for his thesis. The virus would open a file named ILOVEYOU, which would contain an attachment LOVE-LETTER-FOR-YOU. Those who lost to the temptation of opening the file, found the virus spreading across the computer affecting files, and even spreading itself to other devices via email, in some cases.

It is believed to have affected 45 million Windows PC. The creator of the virus did not face any legal action since Philippines had no laws regarding cybercrimes such as this one at that time.

(Source: BBC)

47. Sasser virus

This worm created by an 18-year-old German boy spread across a million computers in the year 2004. The worm took benefit of a loophole in Windows devices and needed no human intervention to spread. Unlike other viruses, it would regenerate across devices without the need for email attachment and files.

(Source: Newscientist)

48. Zeus trojan horse

Also known as Zbot, this trojan has infected millions of computers around the globe. Cybercriminals use it to access sensitive information stored in the user’s device. Some of the other threats which come along with Zeus are that it can modify and delete files on your system. Some also use it to deliver ransomware. It can infect any Windows device. Some of the popular victims of this trojan horse are NASA, The Bank of America, Cisco, Amazon, etc.

(Source: Avast)

49. Stuxnet

It is supposedly the most controversial computer virus ever created. Everything about Stuxnet, right from its origin to its purpose, is exciting and mysterious. So many years after the worm was released, one can almost confirm that the United States and Israel are collectively responsible for the creation of Stuxnet. One can also call it the first cyber warfare weapon since the purpose of this worm was to take down a nuclear weapon development program.

And it did exactly that. This sophisticated worm was designed to make the nuclear reactor centrifuge spin so fast that it gets damaged because of the exertion. Once they were able to infect nuclear reactor’s computer with the worm, no one knew what was going wrong as the worm went on to achieve its goal.

(Source: CSO Online)

50. CryptoLocker

This malware has made it to the news more than any other in the past few years. The trojan falls in the broader category of ransomware, and we know that you recognize that word. Initial ransomware attacks involved the use of CryptoLocker. CryptoLocker would get into user’s device via a medium such as email or USB memory stick. It would then encrypt certain files on the hard drive and then ask the user to pay a ransom if they want to obtain the decryption key.

(Source: Kaspersky)


Let’s end all the confusion between the different forms of malware. In this section, we define the different kinds of cyberthreats. It would help you have a better understanding of the subject and differentiate between the different forms.


The word malware is an acronym for malicious software. It is a term used to collectively define the family of software designed to cause troubles in a system. There are several ways by which a malware is injected into the system, and one can further classify them based on the actions of malware.

(Source: SearchSecurity)

52. Virus

People often get confused between malware and a virus. A computer virus functions like a biological one. Once it finds a host, it will wait for the right conditions, and then quickly spread across the system corrupting all the files. Unlike malware, a virus can’t execute on its own.

(Source: YouTube)

53. Worms

A worm is designed to create copies of itself and spread across the entire system or network. It does not require any human interaction for the execution. Cybercriminals use worms for a variety of purposes. It can be to modify and delete files, introduce malware on the system, create backdoors, conduct DDoS attacks and so much more.

(Source: Norton)

54. Ransomware

A ransomware would get into the system and encrypt all the files leaving the user unable to access any of them. The creators would then demand a ransom from the user in return for the decryption key. It is usually the public offices that are on the radar of such malware.

(Source: CSO)

55. Potentially unwanted malware (PUA)

Unlike malware, PUAs are not malicious by nature by they may affect smooth functioning of a system in one way or another. Some examples of such applications are adware, remote administration tools, network scanning tools, uninstall tools, etc. It isn’t difficult to comprehend how one can use PUA for ill purposes.

(Source: Sophos)

56. Adware

An adware is designed to swarm the user’s browser with advertisements. Such malware can be pretty annoying, and it is sometimes difficult to get rid of them. Adware can also lead one to malicious websites, that would automatically initiate downloading unwanted programs without user’s permission.

(Source: Malwarebytes)

57. Spyware

As the name suggests, Spyware would secretly gather and transmit your personal information to the hacker. Such a software can log your banking details and other sensitive information. Another common use to spyware is log user’s online activity and send it to marketing companies.

(Source: Veracode)

58. Trojan Horse

Just like Greeks used a wooden horse gift to enter the closely guarded city of Troy, a trojan horse is often injected into a system disguised as some other software. Once the user installs it, there can be several consequences ranging from the hacker gaining access to your computer to data logging and downloading other malware on the system.

(Source: Kaspersky)

59. Rootkit

A rootkit allows the hacker to gain remote access of the device without letting the user know about it. It is needless to mention that the damage can be catastrophic once the rootkit is in. The hacker can modify and delete files stored on the device, change system configuration and so much more. It can download harmful software of the device and steal away sensitive information.

(Source: Comodo)

60. Bot

Bots are used for used for both genuine and harmful purposes alike. Bots are computer programs designed to automate specific tasks. One comes across a lot of bots in day to day life. These are used instant messaging sites, videogames, online contests, etc. Cybercriminals can use bots to compromise a system in several ways. They can be utilized to launch a DDoS attack, to crawl a server for information, regenerate like worms, create backdoor access for hackers, and so much more.

(Source: Cisco)

Data Sources & References

  1. Isaca
  2. Isaca
  3. Isaca
  4. Google’s Transparency report
  5. Cybint
  6. AV-TEST
  7. Symantec
  8. Malwarebytes
  9. Livewire
  10. Sonic Wall
  11. Sonic Wall
  12. IT Pro Portal
  13. TechNewsWorld
  14. AV-TEST
  15. AV-TEST
  16. SecureList
  17. Kaspersky
  18. G DATA
  19. Accenture
  20. McAfee
  21. McAfee
  22. Cybersecurity Ventures
  23. Coveware
  24. Coveware
  25. Cybersecurity Ventures
  26. Reuters
  27. Trend Micro
  28. Verizon
  29. Webroot
  30. Vada Secure
  31. Symantec
  32. Symantec
  33. Webroot
  34. Symantec
  35. Check Point
  36. Webroot Threat Report
  37. Symantec
  38. Symantec
  39. Business Today
  40. Symantec, Independent
  41. Symantec
  42. Forbes
  43. ZD Net
  44. Kaspersky
  45. Kapersky
  46. BBC
  47. Newscientist
  48. Avast
  49. CSO Online
  50. Kaspersky
  51. SearchSecurity
  52. YouTube
  53. Norton
  54. CSO
  55. Sophos
  56. Malwarebytes
  57. Veracode
  58. Kaspersky
  59. Comodo
  60. Cisco