Global firms paid an average of $2 million in ransom payments for ransomware attacks, compared with $400,000 in 2012, an increase of 500 per cent, a new report has revealed.
The ‘State of Ransomware 2024’ report, published by cybersecurity firm Sophos, analysed data from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific.
The study found that the average cost of recovery reached $2.73 million, an increase of almost $1 million from the $1.82 million that the company reported last year.
The report added that, despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks, with 59 per cent of organisations being hit, compared with 66 per cent in 2022.
The 2024 report also found that 63 per cent of ransom demands were for $1 million or more, with 30 per cent of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.
The report further revealed that, for the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32 per cent of organisations. This was closely followed by compromised credentials (29 per cent) and malicious email (23 per cent).
Victims whose attack started with exploited vulnerabilities reported the most severe impact on their organisation, with a higher rate of backup compromise (75 per cent), a higher rate of data encryption (67 per cent), and a higher propensity to pay the ransom (71 per cent) than when attacks started with compromised credentials.
“The surveyed organisations also had considerably greater financial and operational impact, with the average recovery cost sitting at $3.58 million compared with $2.58 million when an attack started with compromised credentials and a greater proportion of attacked organisations taking more than a month to recover,” said the report.
To defend against ransomware attacks, Sophos recommended a set of best practices, which include organisations understanding their risk profile and prioritising the areas of greatest risk.
Sophos also advised businesses to implement endpoint protection designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X.
Commenting on the findings of the report, the chief technical officer of Sophos, John Shier, said:
“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fuelling the cybercrime economy.
“Without ransomware, we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime.
“The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”