+65 Malware Statistics for 2024

Malware Statistics

What does a typical malware attack look like right now? Who’s being hit, and why? What kind of damage does malware cause, and what can be done to mitigate its effects? 

For current and aspiring cyber security professionals, knowledge always equals power. Familiarity with current and recent malware statistics helps you flesh out your understanding of the threat landscape. 

When showing the importance of malware threat mitigation and the need for vigilance in business, real-life facts and figures can go a long way in helping you make your case. 

With this in mind, here are the latest malware statistics, recent trends, and threat actor behavior patterns that underpin them. 

If you’re ready, let’s dive in. 

Trends in Malware 

Especially when looking at statistics on overall malware volume, it’s worth remembering that many individual malware samples only have a limited shelf life: i.e., they are only in active use by threat actors for a short period before they move onto new variants. 

Nevertheless, rising malware volumes and continued high attack rates demonstrate that malware-related attacks remain an extremely serious cyber threat. 

Malware Volumes 

1. There are around 1.2 billion malicious programs and potentially unwanted applications (PUA) in existence. 

Malware Volumes

2. In 2023, more than 100 million strains of malware and PUA were identified by AV-Test. 

3. Recently, the most active year for new malware variants was 2021, when around 150 million new programs were identified. 

Volume of New Malware and PUA detected (by year)

 4. Last year, threat actors deployed an average of 200,454 unique malware scripts per day - or roughly 1.5 new samples per minute. 

Malware Attack Rates 

5. Last year, 81% of organizations faced malware threats, phishing attacks, and password attacks

6. In 2022, there were 5.5 billion malware attacks worldwide, a 2% increase from the previous year.

7. In recent years, the highest number of malware attacks was in 2018 (10.5 billion attacks globally).

Malware Attack Rates

8. In 2023, malware showed up in 40% of data breaches—which is 30% up from 2022.

Malware Categories and Variants 

Ransomware remains the most prevalent malware category (for more detailed information on this type of threat, be sure to check out our latest rundown of ransomware statistics). Recent malware statistics also highlight a growing trend in the volume of attacks aimed at IoT devices.

Malware Variants

9. In 2022, according to Trend Micro Smart Protection Network detections, worms were the most frequently blocked category of malware. 

Malware Variants

10. Webshell, Emotet, and Negasteal were the three most frequently detected malware families detected in 2022. 

Most Frequently Detected Malware Families (2022)

11. According to Trend Micro, Webshell was the single most frequently-encountered malware family encountered in H1 2023. This type of malware exploits vulnerabilities in internet-facing web servers. 

6. Top 5 Malware Families (H1 2023)

12. XLoader Packer was the most frequently encountered category of Android malware in H1 2023. This is a backdoor trojan that uses Domain Name System (DNS) spoofing to distribute malware infections through Android apps. 

Top 5 Android Malware Families (H1 2023)

13. In the year to June 2023, Magniber was the most commonly-encountered malware variant used in ransomware attacks. It was found in approximately 21% of all ransomware encounters. 

14. The top four ransomware variants (Magniber, Lockbit, Hive, and BlackCat) comprise 65% of all ransomware encounters. 

Breakdown of Ransomware by Variants

Malware File Names 

15. The most commonly encountered malware file name is “purchase order.exe.” 

Malware File Names

The Persistent Threat of Ransomware 

16. Ransomware is the most common form of malware. Ransomware is present in almost 70% of malware-related breaches, and 24% of all breaches overall.

17. In 2022, there were around 500 million ransomware attacks globally. 

18. The worst year on record for ransomware attacks was 2021, when over 600 million attacks occurred across the globe. 

19. In 2021, it was estimated that someone falls victim to a ransomware attack every 11 seconds.  

20. Experts predict that by 2031, ransomware will attack an organization, consumer, or device every 2 seconds. 

Ransomware Attack Trends

IoT Malware Variants 

21. 2022 saw an 87% year-on-year increase in the number of malware attacks targeting Internet-of-Things (IoT) devices (112.3 million attacks globally). 

IoT Malware Variants

22. In 2022, the finance sector saw a 252% year-on-year increase in the volume of IoT malware attacks—the most significant increase of any industry sector.

IoT Growth by Sector

Targets of Malware 

Globally, the USA sees the lion’s share of malware attacks. However, when it comes to the chances of being hit by malware—i.e., the volume of attacks compared to the number of devices/users—the malware statistics tell a very different story. 

Malware Attacks by Global Region 

23. North America remains the region most frequently attacked by malware. However, in 2022, there was a 10% year-on-year decrease in the volume of attacks to 2.75 billion, the region’s lowest total since 2017. 

24. In 2022, Europe, LATAM, and Asia recorded double-digit increases in the volume of malware attacks of 10%, 17%, and 38% respectively.  

Malware Attacks by Country 

25. The United States is the country most frequently attacked by malware. In 2022, the United States saw ~2.7 billion malware attacks, out of ~5.5 billion attacks globally.

Malware Attacks by Country

26. Of US states, California has the highest malware attack volume.

US States with the Highest Malware Attack Volumes
Malware Volume - US States

27. Based on malware spread—i.e., number of attacks per-head of the population—Kansas is the US state where the risk of malware attack is highest.

Top Riskiest US States for Malware

28. Vietnam is the country with the highest malware spread—i.e., the largest volume of malware attacks compared to the size of the population. 

2022 Malware Spread - Top 10 Countries

29. According to NordLocker’s analysis, the United States is the country most frequently attacked by ransomware. In 2022, the country experienced 38.8% of all attacks. 

Countries Most Targeted by Ransomware Attacks

Industries Most Hit by Malware 

30. Education is the industry sector most likely to be hit by a malware attack. The volume of attacks against this sector rose by 157% between 2021 and 2022. 

31. Between 2021 and 2022, the volume of malware threats targeting the healthcare industry fell by 15%.

32. In the year to 2023, the retail and finance sectors saw year-on-year increases in the volume of malware attacks of 50% and 86% respectively. 

Malware Attack Volumes by Industry

33. According to Sophos, 66% of organizations were targeted by ransomware attempts in 2022. The sector breakdown is as follows: 

Rate of Ransomware Attacks by Industry

Malware Attacks and Organization Size 

34. In the year to June 2023, 70% of organizations encountering human-operated ransomware had fewer than 500 employees.

35. Based on ransomware cases analyzed by NordLocker that occurred between January 2022 and January 2023, small and medium-sized companies between 11 and 50 employees, as well as companies with 51-200 employees, suffered the most cyber attacks, based on a cyber attack-per-employee ratio.

Ransomware Case by Employee Count Jan 2022 - Jan 2023

Motives of Malware Attackers 

Especially following the war in Ukraine, state-sponsored and politically motivated malware attacks have grabbed a lot of headlines. 

While these incidents are increasing in volume, it’s still the case that a very large majority of malware attacks are motivated by plain, old-fashioned greed. 

Malware Threat Actors: Identity 

36. Top 10 Ransomware Groups in the year to June 2023: 

Top 10 Ransomware Groups in the year to June 2023

Financial Motivations of Malware Threat Actors 

37. Verizon’s 2023 Data Breach Investigations Report suggests that the vast majority (94.6%) of cyber security breaches—including malware attacks—are driven by financial motivations.

38. An estimated 65% of threat actors are thought to be linked to organized crime. Around 15% fall into the “other” category (e.g., lone wolf attackers).

39. Ransomware is present in 59% of all incidents with a financial motivation.

40. Ransomware is present in 62% of all incidents committed by organized crime actors.

Malware and Nation-State/State-Sponsored Activity 

41. It is estimated that around 5% of threat actors are nation-state or state-affiliated attackers.

42. Espionage is the motivator for approximately 3% of attacks. “Ideology” and  Grudge” are the motivators of around 1% of attacks each. 

43. In 2022, Ukraine witnessed an 8,105% increase in total malware attacks, including a 5,835% increase in ransomware.

44. In 2021, an estimated 74% of all money made through ransomware attacks went to Russia-linked hackers. 

45. In H2 2021, The US Treasury’s Financial Crimes Enforcement Network found that 75% of ransomware-related incidents were linked to Russia, its proxies, or persons acting on its behalf. 

46. In the year to June 2023, almost half of attacks by Russian state or state-affiliated cyber threat actors were targeted against Ukraine. A further 36% of attacks were targeted at NATO member states. 

47. Education (16%), Government (12%) and Think Tanks / NGOs (11%) are the sectors most frequently targeted by state-sponsored threat groups globally.

Sector Most Targeted by State-Sponsored Threat Groups

Methods, Technologies, and AI in Malware Creation and Distribution 

Recent statistics show that threat actors are adapting malware in light of new working models (e.g., working from home). They’re using it to support crypto mining scams in ever-growing numbers. They are also putting AI to work to create new malware scripts.

Malware and Remote Work 

48. In 2023, 62% of companies suffered a security breach connected to remote working. Poorly secured home networks, multiple unknown users, and lower policy adherence are identified by Verizon as factors that increase the risk of malware infections.

49. In 2021, the percentage of organizations that experienced installation of malware on a remote device doubled from 3% to 6%.

Malware and the Growing Crypto-Jacking Threat 

50. 2023 witnessed a 399% global rise in crypto-jacking, i.e., the unauthorized use of another party’s device to mine cryptocurrency by infecting the target device with XMRig mining malware.

51. In 2023, Microsoft observed evidence of current or previous unauthorized coin mining activity in 4.2% of all its customer security engagements. 

Malware Generation and AI 

52. Almost half (46%) of senior security professionals believe that generative AI will increase their organization’s vulnerability to attacks, making it easier for threat actors to create and launch attacks.

53. Within days of its launch in July 2023, the Telegram channel for Worm-GPT, a malware and phishing campaign generation tool, had picked up more than 5,000 followers.

Impact of Malware Attacks 

Statistics show that malware's implications are significant in terms of financial cost and broader disruption. A majority of organizations realize the need for more anti-malware measures. 

Cost of Malware Attacks 

54. The total global cost of ransomware exceeded $30 billion last year. 

55. According to IBM, the global average cost of a data breach in 2023—including breaches caused by malware—was $4.45 million, which is 15% more than in 2020.

56. For companies with an annual turnover of less than $10 million, the average cost of recovery following a ransomware attack is $165,520. 

57. In 2021, average ransomware demands were estimated at $220,298—a 43% increase from 2020.

58. Based on FBI data, the median amount paid by ransomware victims to threat actors is $10,000.

59. In 2023, 84% of private sector organizations hit by ransomware reported that the attack caused them to lose revenue. 

60. Lower education (94%) and construction (93%) were the sectors most likely to report some loss of business/revenue.

Readiness to Mitigate the Malware Threat 

61. 68% of IT professionals responsible for malware detection say they face challenges in detecting both known and unknown variants of malware. 

62. 67% of businesses say they are “grappling with inadequate signature-based solutions” for dealing with the malware threat. 

63. 54% of IT professionals say they are dealing with fragmented tools for detecting malware. 

64. 68% of organizations recognize the need for additional investments in tools and processes to enhance their malware detection and threat intelligence capabilities. 

65. Just 22% of businesses describe their threat intelligence programs as “fully mature.” Most say they are still in the early stages of development. 

New Technologies for Responding to Malware 

66. AI-based threat intelligence tools are up to 300% more accurate than traditional techniques at detecting attempts by malicious scripts to target a device with a common vulnerability. 

67. AI tools may be able to identify 70% more malicious scripts than traditional techniques alone. 

68. Just 11% of IT managers currently use AI for threat detection, but 56% are optimistic about the use of it in the future.

Attitudes of Cyber Security Professionals to AI

Notable Malware Attacks 


Made public in May 2023, a vulnerability in the MOVEit file transfer solution was exploited by multiple hacker groups. Within six months, these attacks had impacted over 2,000 organizations and exposed the data of 60 million people. Get the full lowdown on this breach here:

Ukraine Power Grid Attack 

The potential of malware attacks hitting critical infrastructure has received a lot of coverage since Russia’s attack on Ukraine. However, one of the most significant attacks predates the current conflict. The 2015 attack on the Ukraine Power Grid was the first of its kind.

Worm-GPT Recalibrates 

We’ve touched on the emerging trend of hackers using the power of generative AI for creating new malware scripts. This video illustrates how the founders of one of the earliest and best known GenAI tools, WormGPT, are recalibrating it as a white hat hacking resource.


Recent malware statistics illustrate how the cyber security landscape is constantly evolving. 

Well-established categories of malware (e.g., ransomware) remain major parts of that landscape. However, they are joined by new threats, such as crypto-jacking, IoT-targeted campaigns, as well as the increasing use of AI for generating malicious scripts.

All of this highlights the need to stay on top of cyber security best practices. It also shows the importance of making sure your skills and knowledge align with the malware detection and threat intelligence capabilities organizations are looking for.

To learn how to protect yourself and your business or become a cyber security professional yourself, consider a StationX Membership

With access to thousands of courses and labs, mentors, mastermind groups, and custom career and certification roadmaps, we can help you succeed in your personal cyber security goals.

Frequently Asked Questions


Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Gary Smith

    Gary spends much of his working day thinking and writing about professional and personal development, as well as trends and best practice in IT recruitment from both an organizational and employee perspective. With a background in regulatory risk, he has a special interest in cyber threats, data protection, and strategies for reducing the global cyber skills gap.