By using website you agree to our use of cookies as described in our cookie policy. Learn More


Almost Half of All Ransomware Attacks Target U.S. Firms

Survey examines ransomware attacks that affected companies with over $4 trillion of combined revenue; which are at highest risk?

Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.

U.S. companies are the number one target for ransomware, with nearly half (46%) of all ransomware attacks happening there, new research by cybersecurity company NordLocker reveals. The study examined several databases of ransomware incidents that affected more than 5,000 companies worldwide. With a joint revenue of $4.15T, the investigated companies produce more value than Germany’s entire GDP.

The research was carried out to find out which companies are at the highest risk of being targets for ransomware. Apart from the location of the attack, researchers looked at factors such as the most active ransomware groups, the most affected industries, and company sizes.

NordLocker’s research revealed that out of 18 industries, construction (12% of all attacks), manufacturing (10%), and transportation (8%) industries are at the highest risk of being targeted by ransomware in the United States.

“Ransomware gangs usually decide who their next target is by looking at variables such as the company’s importance in supply chains, the quantity of confidential information that it handles, and other factors that, in the case of an attack, put pressure on the company to get operations back up and running,” says NordLocker’s CTO, Tomas Smalakys. “When you look at the data through this lens, you see why certain industries receive the majority of attacks.”

Small Businesses at Heightened Risk

Company size is another major factor in the probability of a ransomware attack. In the U.S., small businesses (up to 200 employees) are at the highest risk, accounting for nearly two-thirds of all attacks (66%). Companies with an employee count of 51-200 are the victims of 29% of attacks; those with 11-50 employees are victims of 22% of ransomware hacks.

“Small businesses are lucrative targets for ransomware gangs because cybersecurity is often left on the sidelines. Smaller businesses justifiably prioritize growing their operation, with cybersecurity left out of budget calculations. The lack of attention towards security, combined with the usually slim profit margins small companies have to deal with, makes them not only easy to attack but very likely to pay the ransom as well because they lack the funds needed to hold off a prolonged halt of operations,” says Smalakys.

Other Findings

  • Among the affected are some of the biggest institutions worldwide, including a Fortune 100 company and a well-known educational institution based in the U.S.
  • The U.S. suffers the most from attacks launched by the Conti ransomware group, which is responsible for 18% of all attacks. LockBit group takes second place (12%), with Pysa (7%), and REvil (7%) following suit
  • Five percent of ransomware attacks on U.S. organizations targeted public sector institutions
  • The state of Michigan is the most affected by ransomware; Missouri is the least

Methodology: Data was collected from publicly available blogs where ransomware gangs post the names of their victims and their demands. The ransomware attacks under investigation all happened during the period between 01/01/2020 to 01/07/2022. Financial and industry information was collected from publicly available databases.

The full report can be found here: (short registration required).

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.