Sophos: 58% of Retailers Hit by Ransomware Pay the Ransom

Emma Okonji

Sophos, a global leader of innovative security solutions for defeating cyberattacks, has released its fifth annual Sophos State of Ransomware in Retail report, a vendor-agnostic survey of IT and cybersecurity leaders across 16 countries.

This year’s report reveals that nearly half (46 per cent) of retail ransomware incidents were traced to an unknown security gap, underscoring ongoing visibility challenges across the retail attack surface.

Among organisations that had data encrypted, 58 per cent paid the ransom to get their data back – the second highest payment rate in five years.

Key findings from the report showed that 46 per cent of attacks began with an unknown security gap (top operational factor); 30 per cent of attacks exploited known vulnerabilities (top technical root cause, third year running); 58 per cent of victims with encrypted data paid; and 48 per cent of attacks resulted in encryption (five-year low)

According to the report, median ransom demand doubled to $2 million from 2024, and average payment increased five per cent to $1 million

Giving further details of the report findings, Sophos Director, Global Field CISO, Chester Wisniewski, said: “Retailers globally are facing a more complex threat landscape where adversaries are constantly on the lookout for and exploiting existing vulnerabilities, most frequently in remote access and internet facing networking equipment. Now, with ransom demands reaching new highs, the need to implement comprehensive security strategies is even more apparent.”