Ransomware Continues to Dominate Cyberattacks, Verizon Report Says

Cybercriminals have realized it's easier to lock up data than to steal it.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
Outline of a lock against a backdrop of code.

The use of ransomware in cyberattacks continues to grow .


Ransomware continued to dominate cyberattacks in 2021 as attackers focused on making quick money by locking up data, rather than stealing it.

Attacks involving ransomware, which involves malicious code scrambling the data on a victim's computer, increased 13% for the year, equaling the rise of the previous five years combined, according to Verizon's 2022 Data Breach Investigations Report.

As part of the annual report, Verizon 's 15th, researchers analyzed data from 5,212 breaches and 23,896 security incidents. By comparison, Verizon's first report in 2008 looked at 500 incidents spread over a three-year period.

"It's been a very wild journey," Alex Pinto, one of the study's lead authors, said in an interview. He added that in 2008 nobody had really thought to quantify and measure cyberattacks.

Ransomware grabbed headlines in 2021, as high-profile attacks hit companies including Colonial Pipeline and JBS USA. Both the pipeline operator and the meat processor paid the equivalent of millions of dollars to have their data unlocked, but the shutdowns of their businesses caused panic buying and spikes in gas and meat prices. 

Fifteen years ago, ransomware was barely a factor, the report notes. While researchers spotted it in 2008, ransomware attacks didn't generate enough data to write about until 2013.

These days, many cybercriminals have found they can make more money with less work by locking up a company's data rather stealing it for financial fraud or identity theft, Pinto said. Though cases of data theft still occur, selling pilfered information adds time and risk for cyberattackers, he said.

"The only sure consumer of a company's data is the company itself," Pinto said. "It's much simpler."

Meanwhile, human beings continue to be the weak link when it comes to attacks, regardless of whether they're ransomware attacks or data breaches. Over the past 15 years, the use of social engineering, which involves a cybercriminal convincing a person to download malware or hand over credentials, has risen to 25% from 10% of the total number of breaches.

Combined with human errors and the misuse of technology, the human factor accounted for 82% of last year's breaches. While that's down slightly from 85% the year before, it still accounts for the vast majority of breaches, the report said.