Skip links
New report on ransomware attacks

Ransomware criminals steal 10 terabytes of data each month

Ransomware criminals stole about 10 terabytes of data each month between May 2021 and June 2022. 58.2% of the data stolen included employees’ personal data, An analysis indicate that a large number of affected companies pay the cyber criminals. “Publicly reported ransomware incidents are only the tip of the iceberg”, says the European Union Agency for Cybersecurity (ENISA) in a new report.

“Information about the disclosed incidents is quite limited since in most cases the affected organisations are unaware of how threat actors managed to get initial access. In the end, organisations might deal with the issue internally (e.g. decide to pay the ransom) to avoid negative publicity and ensure business continuity.”

Read Also:  No More Ransom coordinating defense against cyber crooks

“However, such an approach does not help fight the cause – on the contrary, it encourages the phenomenon instead, fuelling the ransomware business model in the process”, the report says.

ENISA analysed a total of 623 ransomware incidents across the EU, the UK and the US from May 2021 to June 2022. The data was gathered from governments’ and security companies’ reports, from the press, verified blogs and in some cases using related sources from the dark web.


  • Between May 2021 and June 2022 about 10 terabytes of data were stolen each month by ransomware threat actors. 58.2% of the data stolen included employees’ personal data.
  • At least 47 unique ransomware threat actors were found.
  • For 94.2% of incidents, it is not known whether the company paid the ransom or not. However, when the negotiation fails, the attackers usually expose and make the data available on their webpages. This is what happens in general and is a reality for 37,88% of incidents.
  • The report therefore concludes that the remaining 62,12% of companies either came to an agreement with the attackers or found another solution.
  • Companies of every size and from all sectors are affected.
  • The total number of attacks is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities.

The report says ransomware attacks either Lock, Encrypt, Delete or Steal the target’s assets. Targeted assets can be anything such as documents or tools from files, databases, web services, content management systems, screens, master boot records (MBR), master file tables (MFT).

The report’s recommendations:

  • Strengthen your resilience against ransomware by taking actions such as:
  • keep an updated backup of your business files & personal data;
  • keep this backup isolated from the network;
  • apply the 3-2-1 rule of backup: 3 copies, 2 different storage media, 1 copy offsite;
  • run security software designed to detect most ransomware in your endpoint devices;
  • restrict administrative privileges; etc.
  • If you fall victim of a ransomware attack:
  • contact the national cybersecurity authorities or law enforcement for guidance;
  • do not pay the ransom and do not negotiate with the threat actors;
  • quarantine the affected system;
  • visit the No More Ransom Project, a Europol initiative.
Read Also:  Coordinated strategy needed to increase cyber defense



Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.