
The average amount paid in ransomware attacks increased 500 percent over the past year. Organizations that paid had to cough up an average of two million dollars, a huge jump from 400,000 dollars the year before. Although the number of ransomware attacks fell slightly, the average recovery cost rose to more than 2.7 million dollars (over 2.5 million euros).

This is according to British security specialist Sophos in its State of Ransomware 2024 report. The company states that of all organizations surveyed, 59 percent experienced a ransomware attack, a slight decrease from the 66 percent in its 2023 report. Of all the affected organizations, 63 percent saw a demand for more than one million dollars in ransom. In 30 percent of cases the demand exceeded 5 million dollars.

To be clear, even though the report carries the year 2024, it actually covers data from 2023. Sophos chose to label it with the year in which the survey was conducted, while the participating companies, governments and nonprofit organizations were asked to share data from the previous year.

Amount paid is often less than demanded

The report shows that less than a quarter of the organizations paying a ransom actually transfer the full amount requested; nearly half pay less than originally demanded, and the remainder pay more. Even so, the average ransom paid totals 94 percent of the initial demand. The money often comes from multiple sources, with the organizations themselves and their insurers contributing a significant share.

A notable omission in the report is that while it neatly breaks down how many organizations pay more than, less than, or precisely the amount demanded, it does not say how often affected organizations refuse to pay at all. Belgian brewery Duvel Moortgat recently took this route: it did not pay, after which its stolen data was leaked publicly.

It takes longer to recover

According to Sophos, recovering from an attack is taking longer, possibly because of the increasing complexity and ferocity of such attacks. A third of those affected need more than a month, up from a quarter in the previous report. Only 35 percent are up and running again within a week, down from 47 percent last year and 52 percent the year before.

Nearly all affected organizations reported attempts to compromise their backups during the attack, and 57 percent of those attempts were successful. Further, in more than one-third of cases where data is encrypted, it is also stolen, giving attackers a second lever (the threat of publication) with which to extort their victims.

Small organizations are targets, too

It is not only very large companies that fall victim to ransomware. Sophos calculated that nearly half (46 percent) of organizations with less than 50 million dollars in annual revenue received ransom demands that ran into seven figures. Among small organizations with revenues of less than 10 million dollars, half were hit by ransomware.

France had the largest share of affected organizations, nearly three-quarters of those surveyed, followed by South Africa and Italy. Brazil had the lowest share, but still 44 percent of respondents. The most common root causes of ransomware attacks are exploited vulnerabilities in the IT ecosystem, followed by stolen credentials and malicious emails.

These causes are mostly avoidable, Sophos argues. “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy,” warns John Shier, field CTO at the cybersecurity company. “The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”

Sophos conducted the survey among 5,000 organizations in 14 countries worldwide. Annual revenue per organization ranged from less than $10 million to more than $5 billion.
