Connect with us

Hi, what are you looking for?

HEADLINES

Ransomware payments increase 500% in the last year – Sophos

Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

Photo by Romson Preechawit from Unsplash.com

Sophos, a global player of security solutions that defeat cyberattacks, recently released its annual “State of Ransomware 2024” survey report, which found that the average ransom payment has increased 500% in the last year.

Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 59% of organizations being hit, compared with 66% in 2023. While the propensity to be hit by ransomware increases with revenue, even the smallest organizations (less than $10 million in revenue) are still regularly targeted, with just under half (47%) hit by ransomware in the last year.

“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume,” said John Shier, field CTO, Sophos.

Advertisement. Scroll to continue reading.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32% of organizations. This was closely followed by compromised credentials (29%) and malicious e-mail (23%).  This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims where the attack started with exploited vulnerabilities reported the most severe impact to their organization, with a higher rate of backup compromise (75%), data encryption (67%) and the propensity to pay the ransom (71%) than when attacks started with compromised credentials. The surveyed organizations also had considerably greater financial and operational impact, with the average recovery cost sitting at $3.58 million compared with $2.58 million when an attack started with compromised credentials and a greater proportion of attacked organizations taking more than a month to recover.

Other notable findings from the report include:

  • Less than one quarter (24%) of those that pay the ransom hand over the amount originally requested, and 44% of respondents reported paying less than the original demand
  • The average ransom payment came in at 94% of the initial ransom demand
  • In more than four-fifths (82%) of cases funding for the ransom came from multiple sources. Overall, 40% of total ransom funding came from the organizations themselves and 23% from insurance providers
  • Ninety-four percent of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack, rising to 99% in both state and local government. In 57% of instances, backup compromise attempts were successful
  • In 32% of incidents where data was encrypted, data was also stolen – a slight lift from last year’s 30% – increasing attackers’ ability to extort money from their victims

“Managing risk is at the core of what we do as defenders. The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, its time organizations impose costs on the attackers, as well. Only by raising the bar on what’s required to breach networks can organizations hope to maximize their defensive spend,” said Shier.

Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:

  • Understand your risk profile, with tools such as Sophos Managed Risk which can assess an organization’s external attack surface, prioritize the riskiest exposures and provide tailored remediation guidance
  • Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X
  • Bolster your defenses with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider
  • Build and maintain an incident response plan, as well as making regular back-ups and practicing recovering data from backups

Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Read the State of Ransomware 2024 report for global findings and data by sector on Sophos.com.

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

As the holiday season approaches, Grab is proactively ramping up new measures to ensure safe rides for its passengers and driver-partners. 

HEADLINES

Sophos X-Ops first reported on what they named Operation Crimson Palace in June and detailed Sophos X-Ops' discovery of three separate clusters of Chinese...

HEADLINES

“Smart assures our customers that we are continuously enhancing our network infrastructure to reject fraudulent SIM registration as we intensify our efforts against mobile...

HEADLINES

Here are some areas in which AI can be integrated in ride-hailing services and how it can be further maximized in the future.

HEADLINES

To improve their cybersecurity efficiency, businesses are looking for all-encompassing solutions that enable full visibility of what’s happening in company’s IT infrastructure, leveraging a...

HEADLINES

Smart had earlier reported a marked decline in SMShing, or phishing over SMS, after it activated its new and more advanced network firewall.

HEADLINES

In the Philippines, when a data breach occurs, companies have up to 72 hours to notify affected individuals. During this period, malicious actors may...

White Papers

An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap. At the same time, the 2024 Global Cybersecurity Skills Gap...

Advertisement