How Significant is the Threat from Ransomware?
- Dan Johnson
- Apr 12
The 2024 Sophos State of Ransomware Report found that ransomware is still a significant threat to organizations. The report is based on a survey of 5,000 IT and cybersecurity leaders from 14 countries. It revealed that attack rates dropped to 59% from 66%, but recovery costs (excluding any ransom payment) increased to $2.73 million from $1.82 million in 2023.
Aside from some exceptions, ransomware attack rates were generally similar across sectors, with 60% to 68% of organizations affected in 11 out of the 15 industries analyzed.

34% of respondents identified email-based methods as the primary cause of attacks. About twice as many incidents began with a malicious email (a message containing a harmful link or attachment that installs malware) when compared to phishing (a message intended to deceive recipients into disclosing information). See below.

The report also highlighted a consistent increase in the time to recover from a ransomware attack. It found that:
- Only 35% of ransomware victims fully recover within a week or less, compared to 47% in 2023 and 52% in 2022.
- Currently, one third (34%) take over a month to recover, up from 24% in 2023 and 20% in 2022.
This delay may be due to the rising complexity and severity of attacks, which demand more extensive recovery efforts. It might also suggest a growing deficiency in recovery preparedness.
When it comes to paying ransom, victims seldom pay the initial amount requested. For the first time, over half (56%) of organizations with encrypted data acknowledge paying to recover their data. Among those who paid, the average (median) amount rose five times over the past year, from $400,000 to $2 million. While the ransom payment rate increased, only 24% of respondents paid the initial demand. Meanwhile, 44% paid less than the original amount requested, and 31% ended up paying more.
