Ransomware payments increase 500pc in 2023: Report

Sophos, a global leader of innovative security solutions that defeat cyberattacks, recently released its annual ‘State of Ransomware 2024’ survey report, which found that the average ransom payment has increased 500 per cent in the last year.

Organisations that paid the ransom reported an average payment of $2.0 million, up from $400,000 in 2023, according to a company press release on Sunday. 

However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1.0 million since the $1.82 million that Sophos reported in 2023.

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 59 per cent of organisations being hit, compared with 66 per cent in 2023.

While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (less than $10 million in revenue) are still regularly targeted, with just under half (47 per cent) hit by ransomware in the last year.

The 2024 report also found that 63 per cent of ransom demands were for $1.0 million or more, with 30 per cent of demands for over $5.0 million, suggesting ransomware operators are seeking huge payoffs.

Unfortunately, these increased ransom amounts are not just for the highest-revenue organisations surveyed. Nearly half (46 per cent) of organisations with revenue of less than $50 million received a seven-figure ransom demand in the last year.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32 per cent of organisations.

This was closely followed by compromised credentials (29 per cent) and malicious e-mail (23 per cent). This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims whose attacks started with exploited vulnerabilities reported the most severe impact to their organisation, with a higher rate of backup compromise (75 per cent) and data encryption (67 per cent), and a greater propensity to pay the ransom (71 per cent), than when attacks started with compromised credentials.

These organisations also had considerably greater financial and operational impact, with the average recovery cost sitting at $3.58 million, compared with $2.58 million when an attack started with compromised credentials, and a greater proportion of attacked organisations taking more than a month to recover.

Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organisations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5.0 billion.
