Windows is a ransomware magnet, according to a new VirusTotal report

Windows 11 Start Surfacepro Lighting
Windows 11 Start Surfacepro Lighting (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • VirusTotal released a report on ransomware activity.
  • It's loaded with statistics on ransomware, including freshness of attack samples, attack volume figures, and which operating systems are getting hit the most.
  • Windows was the target for 95% of the ransomware files VirusTotal evaluated in its October 2021 report.

Ransomware is becoming a bigger and bigger deal by the day. The U.S. government is focusing energies on cryptocurrency sanctions in large part to combat ransomware. The attack type has been at the core of national incidents. And now, there's a report on how the ever-expanding problem links back to Windows.

Based on the ransomware files VirusTotal analyzed for its October 2021 report, 95% of all of them are for Windows PCs. A hair over 2% go after Android, and every target of ransomware beyond those two makes up a micro percentage of the overall pie.

Virustotal Ransomware

Source: VirusTotal (Image credit: Source: VirusTotal)

The report goes over loads of other ransomware statistics if you want to find out which countries are the most targeted by the threat (spoiler: Israel saw a big increase in attacks in 2021), how often new families of the software type are cropping up, and more.

This news may or may not come as a surprise to Windows users who constantly see reports of ransomware. Recently, there was LockFile, which targeted Microsoft Exchange servers. There was even the threat of ransomware when it came to basic Windows-based printing activities.

The threat isn't going away anytime soon, hence why it's even now being addressed by Microsoft in an insurance capacity. As the years stretch on, we may see more and more measures being taken by companies and governments to combat the form of cybercrime. Until then, take precautions to not get swept up in the growing ransomware storm.

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to

  • There I was thinking the stats will tell me something new.
    If you send ransomeware out there to collect a pay day, you send it to corporations, do these corporations use iPad to run their offices and hospitals No.... So, what is the news other than an article devoid of depth just saying Ransomeware likes windows a lot.
  • Absolutely empty article. Of course they'll go after Windows, it's what people use most
  • “Of course they'll go after Windows, it's what people use most“ No, its what corporations use most. People mostly use phones these days. Corporations have the money to pay off these criminals. If corporations ran on Android, rest assured that Android would be the “ransomware magnet”.
  • Ok, semantic king, and who's working for corporations ? Ah, right, PEOPLE. Ffs, why are there still comments sections, the point have been made that they're utterly useless.
  • Absolutely true, no business in their sane minds would invest in any other system than Windows cause its easy to work with, and is more open to user/business customization with less costs and more efficiency due to being compatible with most hardware plus repair related complications being non existent, however most businesses try to run on older versions of Windows while paying for security patches hoping to reduce their overall "expense" of time and money if they were to upgrade systems, which is probably one of the reasons why ransomware "likes" Windows "more", even though if we look to android or even mac they aren't entirely immune to these either, so far the only system that is truly capable of dealing with ransomware would be Windows 11 due to its "mandatory" hardware requirements enabling hardware based security features.
  • My thoughts too. The article is stupidly suggestive, more like a deliberate credibility attack on Windows than anything else. Only an idiot would compare to Android.
  • Injustice 2 is not launching on windows 11
  • I don't even see how that's related to the topic... but I'm assuming that its because Windows 11 is new... I'd probably wait a while cause my gaming experience on Windows 11 wasn't so great either, and before you get salty about it, Windows 10 was no different when it was first out... and I'm no "fan" cause I don't think I will be running Windows 11 as my main system until they fix the bugs I've noticed on it..
  • This is where using VBS and a TPM makes sense in protecting the boot process
  • No, this is where educating the workforce who are the primary entry of any computing attack make sense. TPM does **** for anything like this btw... Secure Boot is what can protect from rootkit/kernel-mode based Ransomware, not TPM.
  • I simply like both of you guys dialogue geared towards educating, and I just learnt one.
  • Furthermore, I forgot to say that a TPM major functionnality is to serve as an "encryption key" if you will ; so, if you encrypt your harddrive with Bitlocker with the TPM activated, someone wouldn't be able to recover the data on the drive without the TPM module that served as the "key" to Bitlocker's encryption. If your drive isn't encrypted throughout, the TPM is then used only for some data encryption, i.e. mostly the passwords that are stored onto the machine. SecureBoot acts as a bootloader "gatekeeper" with a VIP list. If the digital signature of the bootloader isn't reconigned in the UEFI key database (VIP list), then the Bootloader isn't loaded, and thus no code is executed. So, a Windows 10 bootloader infected with any kind of virus like a rootkit is inherently modifying the digital signature of the bootloader. By far, that's where the most security comes from regarding outside Ransomware attacks.
  • Wow, I'm surprised that the marketshare leader in OSes is the most targeted OS platform. Almost if there was a correlation to be made between the number of potential targets and the number of infected targets. Mind blown ! I mean, why the frack are we even still coming here for Windows news ? This site is rapidly going down the "Here are the best whatever to buy through our link to give us a cut" road while removing the "real" content people came here for in the first place. Honestly, it's more sad than anything...
  • "Wow, I'm surprised that the marketshare leader in OSes is the most targeted OS platform."
    Who Knew? This article author definitely did not know.
    I tell you what, he got a payday today with this article click bait and I'll be the first to admit, He got me good.
  • I was at least expecting to have more details, like which ransomwares were the most prevalent, the resolution of those cases (data loss vs data recovery through either backups or payment of ransom, etc.). I'm all in for those "payday" articles, IF they allow the publishing of well-rounded, fleshed up articles here and there. That here and there is becoming so rare and scarce I'm not sure if anyone cares anymore.
  • Rasomware likes an OS with 90% of desktop market share? what a surprise!
  • Ransomware likes an OS with 75% of desktop market share. Windows has not been at 90% for at least 10 years.
  • Ok, Mr Semantic King, if you wanna play that game and be that guy always arguing with everyone, get fully behind it and get you shib together : pull out of your hat stats including washers, dryers, cars, microwaves, mp3 players, and all the rest of the devices who run ANY KIND OF SOFTWARE. That includes all the old school digital Casio watches, Tamagotchis, my daughter's Little People Magic Bus, etc. Seriously, I hope you are just trolling here, if not, I just feel sad for you.
  • Most of these attacks are actually still done via the true and tested process. Email. Despite heavy investment on email security 1 or 2 stills gets over to user's inbox and then the next problem arises, you get one curious user who open an exciting email and clicks the link. I have not seen in my 20+ years as an IT professional have seen a trojan virus getting into the network or computer by itself. Always a user either getting trick into opening an email attachment or clicking a URL to win 1 billion dollars (;-).