Malware, Ransomware & Phishing – 60 Facts and Stats You Must Know!

Malwares affect us all. We have become
increasingly dependent on technology and, therefore, a lot more susceptible to
malware intrusions.

The people behind these malwares are
continually coming up with stronger malware and creative ways of injecting them
into the victim’s computer. The situation is a lot graver than what many

While it is nearly impossible to stop the
influx of malware, one can always take preventive measures to stay out of their
reach. Being aware of what’s happening in the malware is among the better
methods of protection from them.

If one is aware of what can hit them, they
might be able to prepare better for a possible attack. This article will help
you expand your knowledge base for malware.

Some of the points might help you realize
the potential threats you might face while others might give you an idea of the
potential damage those threats can cause. Some of the facts might entice you
into looking more into the world of malware, and some might make you go back
and see if your antivirus system is up-to-date or not.


The broader stats

Let us begin with some raw numbers and
charts. Various cybersecurity ventures and enthusiasts keep coming up with data
to throw some light on what is happening in the world of malware. While most of
this information is usually frightening, it can help one better understand and
predict the trends.

We have cherrypicked a handful of such
information to give you a glimpse into what’s happening in the world of

1. Phishing, malware, and social engineering top the chart

The three major kinds of attacks that a
user may face are phishing, malware, and social engineering. This has been the
case for 3 consecutive years now. The share between phishing, malware, and
social engineering is 44%, 31%, and 27%, respectively.

(Source: Isaca)

2. The greatest number of cyberattacks were reported in
North America

43% of the cyberattacks reported last year
were from North America. But this should not be confused with the number of
cyberattacks that happened. There can be some correlation between the total
number of attacks and this stat, but the ratios can fluctuate. A significant
number of cyberattacks are left unreported. Europe accounted for 25% of the
reported cyberattacks.

(Source: Isaca)

3. 28% of all reported cybercrimes were directed at
technology services/consulting industry

The industry seems to attract a lot of
cybercriminals. The banking sector was the next most affected industry, with a
20% share followed by government agencies at 10% of all the cyber crimes

(Source: Isaca)

4. The number of malware incidents is getting lower
whereas phishing is at its all-time high

Google’s transparency report tells that
malware-ridden websites have been on a continuous decline since 2017. However,
the number of phishing websites has increased at an exponential rate in this
period. Cybercriminals seem to be relying more on phishing rather than trying
to insert malware.

(Source: Google’s Transparency report)

5. 65% cyberattacks are directed at small and medium

Cybercriminals are swaying more towards
small and medium businesses. Such organizations don’t usually have enough
resources to be prepared for the more sophisticated attacks. It makes them easy
prey, and the trends reflect the same.

(Source: Cybint)

6. Potentially unwanted application (PUA) made up for only
13.89% of all cyber threats

Malware makes up for most computer threats.
The numbers shown by AV-TEST say that 86.11% threats recorded last year were
all malware.

(Source: AV-TEST)

7. There has been a 56% increase in web attacks

The internet security threat report
published by Symantec revealed that there had been an increase of 56% in the
cyberattacks. The growth seems exponential and equally bad news for users and
cybersecurity officials.

(Source: Symantec)

8. Cybercriminals are targeting businesses for a bigger

There was a 79% increase in malware detections
for businesses as hackers realized that they could make bigger money by
targeting businesses rather than individuals.

(Source: Malwarebytes)

9. The first computer virus was discovered on a Mac

This might be surprising for a lot of ‘i-users’
out there. A computer virus called Elk Cloner was discovered on a Mac back in
1982. The first PC-based malware called Brain was released in 1986.

(Source: Livewire)


Malware isn’t supposed to be confused with
other cyber-threats. It does encompass a wide range of sub-sections of digital
threats, and we have a dedicated section to explain the nomenclature.

For now, this section will give you an idea
of how malware is currently wreaking havoc in the digital world. It not only
causes monetary damage but intellectual and sometimes physical, as well.

The rate of malware attacks is growing at
an alarming rate. And with new kinds of malware showing up now and then, the
cybersecurity industry is always on its toes.

Here are a few facts to enlighten you more
on the matter.

10. SonicWall recorded 10.52 billion malware attacks in

2018 saw an exceptional rise in malware
attacks. The numbers of malware recorded reached 10.52 billion, breaking all
the previous records. However, the number dipped significantly in the next
year. Similar trends appeared in other cybersecurity reports confirming the
decrease in number of malware attacks in 2019.

(Source: Sonic Wall)

11. United States reported more cyberattacks than any
other country even after a 17% decrease

The US continues to be the most malware
affected country. The silver lining is that the number of attacks has reduced
compared to the previous year. The trend was similar in other countries, with a
few exceptions of India, Switzerland, and the Netherlands.

(Source: Sonic Wall)

12. Emails are still the most common vector for spreading

One of the toughest parts of the job for a
hacker is to transmit and execute the malware on the user’s device. It usually
requires someone to run the malware on the device. Emails turn out to the best
way of making someone click on a malicious file. They would often obfuscate the
malware with a usual format such as ZIP, PDF, DOC, etc.

(Source: IT Pro Portal)

13. 32.77% of the world’s computers were infected by some

A report released in 2014 stated that
nearly one-third of computers across the world are dealing with a malware of
some type. The period saw the detection of multiple new malware types, and
trojan horses were the table toppers.

(Source: TechNewsWorld)

14. There is a 14% increase in malware activity compared
to the previous year

AV-TEST recorded a 14% increase in malware
activity in 2019 as compared with 2018. The number is expected to increase
since there was still one month left in 2019 at the time of writing this
article. The rate of increase in malware activity per year seems to be reaching
a plateau, but the growth is still significant.

(Source: AV-TEST)

15. The kinds of macOS malware tripled

The Apple ecosystem is considered a safer
bet compared to a malware-ridden Windows and Android section. But recent trends
show that cybercriminals are getting more interested in macOS. There was a
nearly three times increase in number of malware samples for macOS in the year

(Source: AV-TEST)

16. Mobile phones are getting safer

SecureList reported almost 1 million fewer
mobile malware detections as compared to the second quarter of 2018. The trends
have been steady, and one can feel relatively safer using mobile phones if they
adhere to safe practices.

(Source: SecureList)

17. 28.31% mobile users in Iran are affected by mobile

Iran is the most affected country by mobile
malware. The stats showed that it had the highest percentage of mobile users
affected by malware on their phones. 9.92% users in USA experienced a mobile
malware attack.

(Source: Kaspersky)

18. A new malware is released every 7 seconds

Cybercriminals are churning out malware at
a rate that we have never experienced before. The sheer volume of malware
released every year is a growing concern in cybersecurity communities.

(Source: G DATA)

19. Malware attacks are burning holes in pockets of

Malware costs an average of $2.6 million to
an organization each year. This is an increase of 11% compared to the figures
from previous year data. This is much higher compared to other cyber threats
that an organization faces. Web-based attacks and DDoS follow malware in the
list of most expensive cyber threats for organizations.

(Source: Accenture)

20. At the current rate, mobile malware will become a billion-dollar
industry by 2020

With the continuous increase in the number
of mobile internet users across the world and the influx of more sophisticated
mobile malware, cybercriminals might cause damage of as much as $1 billion.

(Source: McAfee)


Ransomware is among the most widely discussed cyber-attacks of all time. It affected institutions and individuals across the world in its prime. It is still a significant threat to for everyone with new forms of ransomware coming in the mix.

Ransomware would encrypt the data and then demand
a ransom if the owner wishes to regain control of the data. People had no clue
of what to do when the ransomware wave hit the world back in 2016.
Cybersecurity experts preach not to give up to their demands as it will only
motivate them to keep coming back.

Keeping the backup of the information stored
on a remote drive is among the best ways to deal with this threat.

21. Ransomware attacks grew by 118% in the first quarter
of 2019

McAfee’s quarterly report suggested
ransomware actors are getting more active. It also discussed how cybercriminals
are moving towards other vectors instead of relying on mass campaigns. The
trend doesn’t bring good news for businesses.

(Source: McAfee)

22. Global ransomware damages will be $20 billion by 2021

It seems like we are going to keep hearing
about ransomware. It is predicted that there will be $20 billion in damages by
the year 2021. It will be a 57 percent increase compared to what the associated
cost was in 2015.

(Source: Cybersecurity Ventures)

23. Ransomware decreases in volume but still producing
hefty amounts for cybercriminals

The average cost of ransom increased to
$36,295 in the second quarter of 2019. This is a 184% increase compared to what
the number was in the previous quarter.

(Source: Coveware)

24. Average downtime because of ransomware is 9.6 days

The average number of days needed to
resolve an issue is almost 10 days in the second quarter of 2019. It is more
than a 30% increase compared to the previous quarter. The increase can mostly
be attributed to the introduction of more sophisticated ransomware.

(Source: Coveware)

25. Ransomware is expected to attack a business every 11
seconds by the end of 2021

According to predictions by Cybersecurity
Ventures, there will be a ransomware attack on a business every 14 seconds by
the end of 2019, and the same number will reduce down to 11 by the end of 2021.

(Source: Cybersecurity Ventures)

26. FedEx lost $300 million to NotPetya

NotPetya, the ransomware, which is believed
to be originated in Ukraine, caused a $300 million loss to the package delivery
giant. NotPetya affected a lot of businesses and individuals around the world,
but FedEx is among its biggest clients.

(Source: Reuters)

27. Government, manufacturing, and healthcare industries
have been the biggest targets of ransomware

Ransomware actors are targeting bigger and
data-sensitive organizations more than anyone else. It makes these sectors a
juicy target for those behind ransomware. Government, manufacturing, and
healthcare comprised 27%, 20%, and 14% of all the ransomware incidents in the
first half of 2019.

(Source: Trend Micro)


Not every cybercriminal needs to be an
expert hacker or programmer. Some take advantage of human psychology and fool
their victims into taking the wrong step. Con artists have been around since
time unknown, and phishing is the digital version of it.

Emails, fake websites, and fake
advertisements are some of the vectors used by phishing scammers. One should
exercise both common sense and extreme precaution to stay safe from such
threats. The knowledge of different ways in which phishing scammers operate can
also turn out to handy and prevent one from becoming a victim.

28. 59% phishing attacks are for financial gains while the
rest of them are for espionage

A significant portion of phishing acts is
meant for espionage. The stat throws some light on the ever so increasing use
of cyberwarfare. The report also said that 70% of all the breaches associated
with a nation state or state-affiliated actors involved fishing.

(Source: Verizon)

29. Number of phishing attacks increased by 36% in 2018

Webroot Threat Report for the year 2019
reported a 220% increase in the number of phishing sites detected. The trend
reflected in the number of attacks too. 36% more phishing attacks were there as
compared to 2017.

(Source: Webroot)

30. Microsoft is the most preferred brand of phishing

Microsoft is the most duped brand for
phishing attacks. Attackers often send out emails intended to gain Microsoft
account credentials of a user, which can then lead to loads of trouble for the
user. PayPal falls second in the list followed by Facebook at third.

(Source: Vada Secure)

31. One in ten URLs are malicious

10% of the URLs you encounter on the web
are malicious. Browsers such as Chrome help the user to identify which sites
can be potentially harmful. It even blocks some of these sites automatically.

(Source: Symantec)

32. 48% of malicious email attachments are office files

Hackers are still finding it much easier to
bait the users into executing malware by veiling them under office files and
attachments. While the use of email saw a 5% increase, nearly half of malicious
emails had office files as attachments.

(Source: Symantec)

33. 93% of the phishing domains had an HTTPS website

93% of the phishing domains discovered by
Webroot between September and October of 2018 had an HTTPS site. The stat is
rather alarming and shows how cybercriminals are leaving no stone unturned to fool

(Source: Webroot)

34. 71% of groups use spear-phishing emails as the
infection vector

Injecting the malware into the system is among
the most difficult tasks for cybercriminals. They are becoming increasingly
reliant on spear-phishing emails to introduce the malware into the system. They
find it easier to fool humans in an organization to spread the corrupt
software, and the trick seems to be working for them at the moment.

(Source: Symantec)

35. 64% of organizations experienced a phishing attack in

Phishing attacks are getting more targeted
and organized. 64% of organizations reported experiencing a phishing attack in
2017. With the current trends, it seems like the number is only going to
increase in the future.

(Source: Check Point)

36. 1.5 million phishing websites are created each month

The growing number of phishing websites on the
internet is a huge concern for all users. One of the ways attackers fool users
is that they would dupe webpages of some of the famous brands and lure the user
into either downloading a file or filling in the credentials.

(Source: Webroot Threat Report)


Formjacking is an emerging cyber threat that people across the world are facing. The hackers would compromise the website such that they get to access all the sensitive information that the users on it.

Once the information is lost, the user can
get into a lot of trouble. Identity theft and monetary gains are the biggest
reasons behind such attacks. Additional mechanisms such as 2FA help one
minimize the loss against such a fraud.

37. Formjacking compromises more than 4800 websites each

Formjacking has become an increasingly
popular method among cybercriminals. More than 4800 unique websites get
affected by formjacking each month.

(Source: Symantec)

38. Formjacking can cause a loss of $2.2 million per month
with just 10 credit cards per site

One can easily sell stolen credit card
details for $45 on darknet marketplaces. And at the current rate of form jacking,
even 10 stolen credit cards per website can fetch cybercriminal $2.2 million
each month.

(Source: Symantec)

39. 4,818 unique websites were affected every month by
formjacking in 2018

Cybercriminals are finding it much more
convenient to sweep out payment-related info of users. The increase in number
of websites affected by formjacking is indicative of the fact that it can pose
to be serious cybersecurity concern in the coming future.

(Source: Business Today)

40. Hackers might’ve made $17 million from British Airways
formjacking attack

The British Airways breach, which led to details
stolen of 380,000 cards, might’ve earned cybercriminals $17 million. This
estimation comes from the usual rate of stolen credit card details on the dark
web. It was equivalent to adding insult to the injury when the airlines were
fined £183 million for the data breach.

(Source: Symantec, Independent)


Cryptocurrency used to be only a mean for
cybercriminals to stay in the shadows. Payments on darknet marketplaces, the
ransom from ransomware, and other kinds of illegal transactions got a boost
from cryptocurrency.

The antisocial elements on the internet are
now illegally mining this digital currency. Mining cryptocurrency from the
internet requires significant computing power. One needs to bear the hefty
electricity bills along with the costs for better computer hardware.

Cryptojakckers would bypass this cost of
mining by making the devices of their victims do all the leg work. Since the
load gets distributed among multiple clients, the victims barely notice the
activity happening in the background.

With the decrease in the value of
cryptocurrency these days, more and more miners are now moving toward
cryptojacking, as its barely a profitable business if one bears all the
associated expenses.

41. Cryptojacking reduced with plummeting values of

Cryptojackers seem to be demotivated by the
continuously decreasing value of cryptocurrencies. There was a 52% decrease in
cryptojacking incidents in the year 2018. However, one can expect more
cryptojacking incidents if the value of digital currency soars up again.

(Source: Symantec)

42. Cryptojacking is now more popular than ransomware
among cybercriminals

With organizations applying safeguards
against ransomware, cybercriminals are now moving towards another avenue to
make some money. Cryptojacking isn’t necessarily malicious for the user’s device
and rarely comes under notice. Trends point out more and more hackers now
moving towards cryptojacking.

(Source: Forbes)

43. The first reported instance of a cryptojacker getting
prison sentence comes from Japan

Yoshida Shinkaru might be the first person
to get a prison sentence for being involved in cryptojacking. The 24-year-old
hid the mining tool in an online gaming cheat tool. There were approximately 90
downloads of the tool from his blog, and he was able to mine cryptocurrency
worth $45.

(Source: ZD Net)

44. Small and medium businesses bear the weight of nearly
83% of the cryptomining traffic

Since small and medium businesses generally
can’t bear the cost of robust cybersecurity installations, they turn out to be
easy prey for cryptojackers. Large enterprises are very much capable of keeping
such dangers at bay.

(Source: Kaspersky)

45. 62% of the cryptomining traffic is from the US

Cryptojackers seem to be specifically
targeting the United States. The country accounts for way more cyrptomining
traffic than any country else. The next two countries topping the table are
Canada and South Africa, with a traffic share of 2% each.

(Source: Kaspersky)

The most noticeable malware attacks

There are a few malware attacks that
changed perceptions of cybersecurity. These attacks either affect a large part
of the globe, or they are extremely efficient at doing the job they are
supposed to do.

We have mentioned a few malware attacks
that caught global attention. While most of these attacks had a damaging
effect, they left the victims and cybersecurity industry with some lessons to


This is the name of the virus, which caused
digital mayhem in the year 2000. The virus was launched from Philippines by a
24-year-old Onel de Guzman. He later claimed that he created virus for his
thesis. The virus would open a file named ILOVEYOU, which would contain an
attachment LOVE-LETTER-FOR-YOU. Those who lost to the temptation of opening the
file, found the virus spreading across the computer affecting files, and even
spreading itself to other devices via email, in some cases.

It is believed to have affected 45 million
Windows PC. The creator of the virus did not face any legal action since
Philippines had no laws regarding cybercrimes such as this one at that time.

(Source: BBC)

47. Sasser virus

This worm created by an 18-year-old German
boy spread across a million computers in the year 2004. The worm took benefit
of a loophole in Windows devices and needed no human intervention to spread.
Unlike other viruses, it would regenerate across devices without the need for
email attachment and files.

(Source: Newscientist)

48. Zeus trojan horse

Also known as Zbot, this trojan has
infected millions of computers around the globe. Cybercriminals use it to
access sensitive information stored in the user’s device. Some of the other
threats which come along with Zeus are that it can modify and delete files on
your system. Some also use it to deliver ransomware. It can infect any Windows
device. Some of the popular victims of this trojan horse are NASA, The Bank of
America, Cisco, Amazon, etc.

(Source: Avast)

49. Stuxnet

It is supposedly the most controversial
computer virus ever created. Everything about Stuxnet, right from its origin to
its purpose, is exciting and mysterious. So many years after the worm was
released, one can almost confirm that the United States and Israel are
collectively responsible for the creation of Stuxnet. One can also call it the
first cyber warfare weapon since the purpose of this worm was to take down a
nuclear weapon development program.

And it did exactly that. This sophisticated
worm was designed to make the nuclear reactor centrifuge spin so fast that it
gets damaged because of the exertion. Once they were able to infect nuclear
reactor’s computer with the worm, no one knew what was going wrong as the worm
went on to achieve its goal.

(Source: CSO Online)

50. CryptoLocker

This malware has made it to the news more
than any other in the past few years. The trojan falls in the broader category
of ransomware, and we know that you recognize that word. Initial ransomware
attacks involved the use of CryptoLocker. CryptoLocker would get into user’s
device via a medium such as email or USB memory stick. It would then encrypt
certain files on the hard drive and then ask the user to pay a ransom if they
want to obtain the decryption key.

(Source: Kaspersky)


Let’s end all the confusion between the
different forms of malware. In this section, we define the different kinds of
cyberthreats. It would help you have a better understanding of the subject and
differentiate between the different forms.


The word malware is an acronym for malicious
software. It is a term used to collectively define the family of software
designed to cause troubles in a system. There are several ways by which a
malware is injected into the system, and one can further classify them based on
the actions of malware.

(Source: SearchSecurity)

52. Virus

People often get confused between malware
and a virus. A computer virus functions like a biological one. Once it finds a
host, it will wait for the right conditions, and then quickly spread across the
system corrupting all the files. Unlike malware, a virus can’t execute on its

(Source: YouTube)

53. Worms

A worm is designed to create copies of
itself and spread across the entire system or network. It does not require any
human interaction for the execution. Cybercriminals use worms for a variety of
purposes. It can be to modify and delete files, introduce malware on the
system, create backdoors, conduct DDoS attacks and so much more.

(Source: Norton)

54. Ransomware

A ransomware would get into the system and
encrypt all the files leaving the user unable to access any of them. The
creators would then demand a ransom from the user in return for the decryption
key. It is usually the public offices that are on the radar of such malware.

(Source: CSO)

55. Potentially unwanted malware (PUA)

Unlike malware, PUAs are not malicious by
nature by they may affect smooth functioning of a system in one way or another.
Some examples of such applications are adware, remote administration tools,
network scanning tools, uninstall tools, etc. It isn’t difficult to comprehend
how one can use PUA for ill purposes.

(Source: Sophos)

56. Adware

An adware is designed to swarm the user’s
browser with advertisements. Such malware can be pretty annoying, and it is
sometimes difficult to get rid of them. Adware can also lead one to malicious
websites, that would automatically initiate downloading unwanted programs
without user’s permission.

(Source: Malwarebytes)

57. Spyware

As the name suggests, Spyware would
secretly gather and transmit your personal information to the hacker. Such a
software can log your banking details and other sensitive information. Another
common use to spyware is log user’s online activity and send it to marketing

(Source: Veracode)

58. Trojan Horse

Just like Greeks used a wooden horse gift
to enter the closely guarded city of Troy, a trojan horse is often injected into
a system disguised as some other software. Once the user installs it, there can
be several consequences ranging from the hacker gaining access to your computer
to data logging and downloading other malware on the system.

(Source: Kaspersky)

59. Rootkit

A rootkit allows the hacker to gain remote
access of the device without letting the user know about it. It is needless to
mention that the damage can be catastrophic once the rootkit is in. The hacker
can modify and delete files stored on the device, change system configuration
and so much more. It can download harmful software of the device and steal away
sensitive information.

(Source: Comodo)

60. Bot

Bots are used for used for both genuine and
harmful purposes alike. Bots are computer programs designed to automate
specific tasks. One comes across a lot of bots in day to day life. These are
used instant messaging sites, videogames, online contests, etc. Cybercriminals
can use bots to compromise a system in several ways. They can be utilized to launch
a DDoS attack, to crawl a server for information, regenerate like worms, create
backdoor access for hackers, and so much more.

(Source: Cisco)

Data Sources & References

  1. Isaca
  2. Isaca
  3. Isaca
  4. Google’s
    Transparency report
  5. Cybint
  6. AV-TEST
  7. Symantec
  8. Malwarebytes
  9. Livewire
  10. Sonic
  11. Sonic
  12. IT
    Pro Portal
  13. TechNewsWorld
  14. AV-TEST
  15. AV-TEST
  16. SecureList
  17. Kaspersky
  18. G
  19. Accenture
  20. McAfee
  21. McAfee
  22. Cybersecurity
  23. Coveware
  24. Coveware
  25. Cybersecurity
  26. Reuters
  27. Trend
  28. Verizon
  29. Webroot
  30. Vada
  31. Symantec
  32. Symantec
  33. Webroot
  34. Symantec
  35. Check
  36. Webroot
    Threat Report
  37. Symantec
  38. Symantec
  39. Business
  40. Symantec,
  41. Symantec
  42. Forbes
  43. ZD
  44. Kaspersky
  45. Kapersky
  46. BBC
  47. Newscientist
  48. Avast
  49. CSO
  50. Kaspersky
  51. SearchSecurity
  52. YouTube
  53. Norton
  54. CSO
  55. Sophos
  56. Malwarebytes
  57. Veracode
  58. Kaspersky
  59. Comodo
  60. Cisco