Ransomware payments see 500% increase last year: Sophos

• Rate of ransomware attacks fall slightly, but recovery costs hit US$ 2.73 mn

Sophos, a global leader of innovative security solutions that defeat cyberattacks, has released its annual “State of Ransomware 2024” survey report, which found that the average ransom payment has increased 500 percent in the last year. 
Organizations that paid the ransom reported an average payment of US$ 2 million, up from US$ 400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached US$ 2.73 million, an increase of almost US$ 1 million since the US$ 1.82 million that Sophos reported in 2023.
Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 59 percent of organizations being hit, compared with 66 percent in 2023. While the propensity to be hit by ransomware increases with revenue, even the smallest organizations (less than US$ 10 million in revenue) are still regularly targeted, with just under half (47 percent) hit by ransomware in the last year. 

The 2024 reportalso found that 63 percent of ransom demands were for US$ 1 million or more, with 30 percent of demands for over US$ 5 million, suggesting ransomware operators are seeking hugepayoffs. Unfortunately, these increased ransom amounts are notjust for the highest-revenue organizations surveyed. Nearly half (46 percent) of organizations with revenue of less US$ 50 million received a seven-figure ransom demand in the last year.
“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks.
The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume,” said John Shier, field CTO, Sophos.
For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32 percent of organizations. This was closely followed by compromised credentials (29 percent) and malicious e-mail (23 percent).  This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.
Victims where the attack started with exploited vulnerabilities reported the most severe impact to their organization, with a higher rate of backup compromise (75 percent), data encryption (67 percent) and the propensity to pay the ransom (71 percent) than when attacks started with compromised credentials. The surveyed organizations also had considerably greater financial and operational impact, with the average recovery cost sitting at US$ 3.58 million compared with US$ 2.58 million when an attack started with compromised credentials and a greater proportion of attacked organizations taking more than a month to recover.
“Managing risk is at the core of what we do as defenders. The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. 
In a defensive environment where resources are scarce, its time organizations impose costs on the attackers, as well. Only by raising the bar on what’s required to breach networks can organizations hope to maximize their defensive spend,” added Shier.