Ransomware payments rise 500% amid $2.73m recovery costs
In the last year, ransomware payments rose by 500 per cent as the menace persists.
Security solutions firm, Sophos, which revealed this in its yearly “State of Ransomware 2024” survey report, said organisations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. However, the report said ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million over the $1.82 million that Sophos reported in 2023. Despite the soaring ransoms, this year’s survey indicated a slight reduction in the rate of ransomware attacks, with 59 per cent of organisations being hit, compared with 66 per cent in 2023.
While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (less than $10 million in revenue) are still regularly targeted, with just under half (47 per cent) hit by ransomware in the last year. The 2024 report also found that 63 per cent of ransom demands were for $1 million or more, with 30 per cent of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.
Unfortunately, these increased ransom amounts are not just for the highest-revenue organisations surveyed. Nearly half (46 per cent) of organisations with revenue of less than $50 million received a seven-figure ransom demand in the last year.
Field CTO, Sophos, John Shier, said: “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, others settle for lower sums by making it up in volume.”
The report noted that for the second year running, exploited vulnerabilities were the most identified root cause of an attack, impacting 32 per cent of organisations. This was closely followed by compromised credentials (29 per cent) and malicious email (23 per cent).