Average Ransomware Payment Hits $2 Million, Sophos Survey Shows

The amount organisations are paying to get back their data from cyber criminals (the ransomware payment) has increased by 500 per cent in the past year, a new report by cybersecurity solutions provider Sophos has revealed.

Sophos, in its annual “State of Ransomware 2024” survey, says organisations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023, with ransoms being just one part of the cost.

Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks, with 59 per cent of organizations being hit, compared with 66 per cent in 2023.

While the propensity to be hit by ransomware increases with revenue, even the smallest organizations [less than $10 million in revenue] are still regularly targeted, with just under half [47 per cent] hit by ransomware in the last year.

The 2024 report also found that 63 per cent of ransom demands were for $1 million or more, with 30 per cent of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.

Unfortunately, these increased ransom amounts are not just for the highest-revenue organizations surveyed. Nearly half [46 per cent] of organizations with revenue of less than $50 million received a seven-figure ransom demand in the last year.

Sophos field CTO John Shier says that the skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill.

He points out that while some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.

“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” said Sophos field CTO John Shier.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32 per cent of organizations.

This was closely followed by compromised credentials [29 per cent] and malicious email [23 per cent]. This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims where the attack started with exploited vulnerabilities reported the most severe impact to their organization, with a higher rate of backup compromise [75 per cent], data encryption [67 per cent] and the propensity to pay the ransom [71 per cent] than when attacks started with compromised credentials.

These organizations also had considerably greater financial and operational impact, with the average recovery cost sitting at $3.58 million compared with $2.58 million when an attack started with compromised credentials, and a greater proportion of attacked organizations taking more than a month to recover.

Other key findings in the report show that less than one quarter [24 per cent] of those that pay the ransom hand over the amount originally requested, and 44 per cent of respondents reported paying less than the original demand.

The average ransom payment came in at 94 per cent of the initial ransom demand. In more than four-fifths [82 per cent] of cases, funding for the ransom came from multiple sources.

Overall, 40 per cent of total ransom funding came from the organizations themselves and 23 per cent from insurance providers. Ninety-four per cent of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack, rising to 99 per cent in both state and local government. In 57 per cent of instances, backup compromise attempts were successful.

In 32 per cent of incidents where data was encrypted, data was also stolen – a slight lift from last year’s 30 per cent – increasing attackers’ ability to extort money from their victims.

“Managing risk is at the core of what we do as defenders. The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, it’s time organizations impose costs on the attackers, as well. Only by raising the bar on what’s required to breach networks can organizations hope to maximize their defensive spend,” said Shier.

Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024.

Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Chief Editor

Jacktone Lawi
