Saturday, June 15, 2024
BusinessDay

Ransomware victims paid 94 percent of initial ransom amounts — Report

Victims of ransomware paid 94 percent of ransom amounts in 2023, Sophos has revealed.

The report, ‘The State of Ransomware,’ disclosed that negotiation on ransom amounts occurs in the majority of cases and that the eventual amount paid by respondents was, on average, 94 percent of the original demand.

“Diving deeper, we see that all revenue groups except the very largest were able to reduce the size of the ransom payment. The $50 million – $250 million segments paid the lowest proportion of the initial demand (84 percent). The only group to pay more than the initial ask is the $5 billion + segment, which covered, on average, 115 percent of the ransom demand.

“Less than one quarter – 24 percent of those who pay the ransom hand over the amount originally requested, and 44 percent of respondents reported paying less than the original demand,” the cybersecurity firm said.

Sophos further disclosed that the average ransom payment has increased by 500 percent in the last year, with organisations reporting average costs of $2 million, up from $400,000 in 2023.

“Organisations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average recovery cost reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023,” it explained.

Despite the high ransom numbers, this year’s survey indicated a slight reduction in the rate of ransomware attacks, with 59 percent of organisations being hit, compared with 66 percent in 2023.

The 2024 report also found that 63 percent of ransom demands were for $1 million or more, with 30 percent for over $5 million, suggesting ransomware operators are seeking huge payoffs.

John Shier, Sophos’s field CTO, advised, “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy.

“Without ransomware, we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime.”