The state of ransomware 2024

Our fifth annual report reveals how the state of ransomware has changed over the past year, plus brand new insights into the business impact of an attack.

Sophos’ fifth State of Ransomware report reveals the real-world ransomware experiences of 5,000 organizations around the world, from the root cause to attack severity, financial impact and recovery time.

Based on findings from a survey of IT/cybersecurity leaders in 14 countries, this year’s report combines year-over-year insights with new areas of study. It includes a deep dive into ransom demands and payments, and sheds new light on the role of law enforcement in ransomware remediation.

 

Download the report for the full findings and read on to learn about some of the topics covered.

 

Attack rates have decreased, but recovery costs have increased

59% of organizations were affected by ransomware last year, a small but welcome drop from the 66% reported in the previous two years. While any reduction is encouraging, with more than half of organizations experiencing an attack, now is not the time to let our guard down.

Despite fewer attacks last year, recovery costs rose to $2.73M, 50% more than in 2023.

 

Having your entire environment encrypted is rare

On average, just under half (49%) of an organization’s computers are affected by a ransomware attack. Having your entire environment encrypted is extremely rare: only 4% of organizations reported that 91% or more of their devices were affected.

 

More than half of victims now pay the ransom

For the first time, more than half (56%) of organizations that had encrypted data admit to having paid the ransom to recover the data. Use of backups is down slightly from last year (68% vs. 70%), while 26% used “other means” to recover data, including working with authorities or using decryption keys that had already been made public.

Nearly half of organizations that had encrypted data (47%) reported using more than one method this time (for example, paying the ransom and using backups), more than double the rate reported in 2023 (21%).

 

Ransom payments have skyrocketed, but victims rarely pay the initial sum demanded

1,097 respondents whose organization paid the ransom shared the actual sum paid, revealing that the average (median) payment has quintupled over the past year, from $400,000 to $2 million.

While the ransom payment rate has increased, only 24% of respondents said their payment matched the original demand. 44% paid less than the original demand, while 31% paid more.