What Happens to Stocks After Ransomware Attacks - MagnifyMoney

Trade Volumes Jump 118%, on Average, After Public Companies Announce Ransomware Attacks

Editorial Note: The content of this article is based on the author’s opinions and recommendations alone and is not intended to be a source of investment advice. It may not have not been reviewed, commissioned or otherwise endorsed by any of our network partners or the Investment company.
How MagnifyMoney Gets Paid ?
Advertiser Disclosure

Businesses can face any number of threats, as the coronavirus pandemic has reminded us. Demand can fall or supply chains can falter, but those kinds of threats have always existed.

The first reported ransomware attack happened in 1989, but the threat of these hacks has exploded in recent years, catching many companies — and investors — off guard. Ransomware is a form of cyberattack. The typical result is malicious people making some part of a company’s digital infrastructure unusable and demanding a ransom to fix the problem. The impacts can be far-reaching, especially if a company has to halt production to address the hack.

To get an idea of how investors react to these cyberattacks, MagnifyMoney researchers examined trade volume across 10 public companies that have announced ransomware attacks in the past few years. After these companies broke the news, trade volume jumped as much as 733%, but the stock price data perhaps shows such fervent reaction is unwarranted.

Find a Financial Advisor

How much would you like to invest?

Find a Financial Advisor

Key findings

  • Public companies that are victims of ransomware attacks see a spike in trade volume the day a breach is announced. Among MagnifyMoney’s sample of 10 public companies that reported attacks between 2018 and 2021, average trade volume more than doubled — by 118%, in fact — compared to the day before.
  • But while the impact on trade volumes can be dramatic, these cyberattacks don’t seem to severely impact stock prices. Stock prices fell by an average of 3% the day of the announcement among these 10 companies. A week after the reports, stock prices among these companies were down by just an average of 1%.
  • Stock fluctuations withstanding, the term ransomware is more present than ever. In 2015, the term appeared in just eight filings with the Securities and Exchange Commission (SEC). Through the first eight months of 2021, the term has already appeared in 4,668 filings.
  • Businesses and investors are paying attention to attacks, but are consumers? Google Trends data dating back to 2015 shows interest in ransomware peaked in May 2017 with the WannaCry ransomware attack, which targeted Microsoft Windows users. Ransomware made the headlines again in May 2021 with the breach of fuel pipeline operator Colonial Pipeline.
  • Perhaps because of political implications, ransomware is most searched for around the nation’s capital. Residents in Maryland, the District of Columbia and Virginia Google the phrase the most.

When ransomware strikes, investors mobilize

American consumers often take action when something on the news shocks or otherwise affects them. Reports of natural disasters or crime can spur donations or awareness campaigns, for example. And, according to MagnifyMoney research, reports of ransomware attacks can inspire stock market moves.

Among a sample of 10 public companies that announced these cyberattacks between 2018 and 2021, trade volume increased by 118%, on average, on the day of the announcements. Three of the companies examined saw trade volume jump by more than 100%, with the biggest change affecting Canadian communications equipment manufacturer Sierra Wireless, which saw a 733% increase in trade volume the day it announced on March 23, 2021, that it suffered a ransomware attack days earlier.

For some of the companies examined, trade activity decreased after their attack announcement. Greeneville, Tenn.-based shipping and freight logistics company Forward Air saw a 76% drop in trade volume after its cyberattack in December 2020.

Change in stock trade volume after ransomware attack announcement

CompanyStock tickerStock trade volume on day before announcementStock trade volume on day of announcementStock trade volume changeStock trade volume change a week later
Sierra WirelessSWIR144,000**1,200,000733%-88%
Pitney BowesPBI2,719,6505,782,935113%-72%
Dixie GroupDXYN54,786**80,53947%-29%
Forward AirFWRD458,104**110,237-76%-100%

*Ransomware attack was announced on Saturday, so day-of volume is from following Monday**Ransomware attack was announced on Monday, so day-before volume is from previous Friday

Every decision to buy or sell stocks comes with some level of risk, but the uncertainty introduced by a ransomware attack could make some investors apprehensive.

MagnifyMoney senior economic analyst Jacob Channel says these attacks don’t necessarily add risk to investment decisions.

“Investing in a company that is currently dealing with ransomware isn’t inherently riskier than investing in another company,” he says. “Ultimately, a company’s fundamentals are more likely to drive its long-term stock price up or down than a one-off ransomware attack is.”

Stock prices barely move, despite trading hype

It’s somewhat reasonable to think something like a ransomware attack may have a lasting impact on a company’s stock performance. However, stock prices data from the companies MagnifyMoney analyzed show these attacks may not largely hurt company performance.

Despite such a dramatic increase in trade volume, stock prices across the companies analyzed only fell by an average of 3% on the day the attacks were announced. A week after these announcements, prices were down by only an average of 1%, implying that if the attack and subsequent news impacted a company’s stock price, it didn’t last.

The stock price of Sierra Wireless — which saw the biggest trade volume jump among the companies analyzed — fell the most, dropping 12% the day it revealed its attack. A week later, the price was down only 4% from before the attack.

Just one company analyzed — Stamford, Conn.-based Pitney Bowes, an e-commerce and shipping technology company — saw its stock price rise after ransomware announcements. Pitney Bowes’ stock price jumped 7% the day it went public about its attack. A week later, its stock ended up dropping 7% below its price the day news of the attack broke. In fact, its stock price was just one cent off its price before the attack was announced.

Change in stock price after ransomware attack announcement

CompanyStock price on day before announcementStock price on day of announcementStock price % change on day of announcementStock price a week after announcementStock price % change a week after announcement
Pitney Bowes$4.93$5.287%$4.92-7%
Forward Air$78.20**$76.99-2%$76.35-1%
Dixie Group$3.82**$3.64-5%$3.36-8%
Sierra Wireless$17.32**$15.25-12%$14.59-4%

*Ransomware attack was announced on Saturday, so day-of price is from following Monday**Ransomware attack was announced on Monday, so day-before price is from previous Friday

Channel emphasizes the importance of looking at companies more holistically to make stock decisions rather than reacting to the news.

“The biggest threats to stock prices and profits are more likely to come from things like poor management or a lack of consumer demand,” Channel says. “As a result, it probably makes more sense for investors to worry less about ransomware attacks and more about things like whether a company is growing or making money.”

Further, a recent MagnifyMoney survey found 66% of investors who have made impulsive or emotional investing decisions — perhaps like the choice to sell company stocks in reaction to a ransomware attack — ended up regretting the decision.

A new and growing threat

Regardless of the impact, ransomware attacks appear to be happening more frequently than ever. Just six years ago in 2015, an investor could count on two hands the number of SEC filings that mentioned the term ransomware — eight. By 2021, that number had risen to 4,668 — and that’s just in the first eight months of the year.

Though company stock prices may not take a hit in response to these cyberattacks, companies recognize that security breaches are a growing threat.

Within the SEC filings, the most common forms in the first eight months of 2021 in which ransomware is referenced are 10-K annual reports (952 times) and 10-Q quarterly reports (697). The SEC requires all public companies to file these forms each year — a 10-Q form for each of the first three quarters, then a 10-K at the end of the year — disclosing general company financial performance and any potential risks. S-1 general forms, which companies use to register with the SEC, made up 476 of the filings mentioning ransomware.

These mentions vary in scope but imply companies may cite ransomware attacks as a growing and continuous threat to which they’re becoming increasingly vigilant.

But in addition to these general warnings, the number of 8-K filings with the SEC — filed when something important happens to a business and shareholders need to be notified — is also on the rise. Companies have filed 383 of these forms in the first eight months of 2021. In all of 2020, 209 8-K forms referenced ransomware, so 2021 filings are already far ahead.

Should May be ransomware awareness month?

Though companies appear to be taking a proactive approach to ransomware attacks, consumers seem to be most interested when the attacks get personal. Researchers analyzed Google Trends data dating to 2015 to determine when people search the term ransomware.

Search interest peaked in May 2017, coinciding with the WannaCry ransomware attack, which impacted more than 230,000 Windows PC users. Consumers themselves may have had their computers affected by this scheme or felt the effects through disrupted services from companies impacted.

Despite this global attack, search volume around ransomware fell and stayed low in the months and years following. In May 2021, search volume peaked again as fuel pipeline operator Colonial Pipeline announced a ransomware breach. Though this attack targeted just one particular company, it happened to be the lifeline of East Coast commuting, supplying gas for both cars and airplanes. When Colonial Pipeline was forced to shut down to address the attack, consumers flocked to gas stations, draining supply and further driving up prices.

An issue of public interest

Given states on the East Coast may have been most affected by the Colonial Pipeline ransomware attack, it appears many consumers in those states wanted to know more about these attacks or perhaps sought information prior. Seven of the 10 states with the most Google searches for ransomware since 2015 are found in the Northeast.

However, the residents searching the internet about ransomware most frequently live in Maryland, the District of Columbia and Virginia, respectively. It’s plausible those in and around the nation’s capital are more interested in defense against these kinds of attacks, which can threaten national security.

Securing your investments

Companies and individuals should stay alert to possible ransomware attacks and protect themselves to the best of their ability by taking basic cybersecurity measures like backing up their files and using multifactor authentication on devices and digital accounts.

As for investment decisions, there isn’t much you can do as an individual to ensure a company in which you’ve invested will avoid one of these attacks. But if you’re thinking about buying or selling stock in reaction to news about a company dealing with these hackers, use these tips:

  • Do your research. As Channel noted, a company’s stock price will be affected more by foundational and day-to-day business practices. Before you invest for the first time or make changes to an existing investment, do some research on the company’s broader history to make a more informed decision. “A ransomware attack could hurt a company’s profits, but there are other economic threats that could be just as damaging, if not more so,” Channel says.
  • Think long-term strategy. The stock market at large can take dips at any time for any reason, and individual company stock prices can do the same. But history shows stocks generally improve over time. Even if a company’s stock price falls due to a ransomware attack, it may be prudent to wait it out before dumping shares to make money on your stocks.
  • Seek wise counsel. If you’re not sure how or when to make changes to your investment portfolio, it might be time to get a financial advisor. A professional may help you better navigate the ups and downs of the market and make the best decisions for your financial goals.


MagnifyMoney analyzed Securities and Exchange Commission (SEC) filings and Google Trends data dating back to 2016 to analyze how businesses and consumers are reacting to the growing threat of ransomware.

Additionally, researchers analyzed data for 10 public companies that filed reports between 2018 and 2021 saying they had been victims of a ransomware attack. To assess how investors reacted to these announcements, analysts looked at trade volume the day before the announcement, the day of the announcement and one week later. Analysts also pulled stock price data for those same periods.

If a ransomware attack was announced on a Saturday, the day-of volume and day-of stock price are from the following Monday. If a ransomware attack was announced on a Monday, the day-before volume and day-before stock price are from the previous Friday.

The “Find a Financial Advisor” links contained in this article will direct you to webpages devoted to MagnifyMoney Advisor (“MMA”). After completing a brief questionnaire, you will be matched with certain financial advisers who participate in MMA’s referral program, which may or may not include the investment advisers discussed.