Ransomware Payments Increase 500% in One-year, Says Sophos

Sophos, a global leader of innovative security solutions that defeat cyberattacks, has released its annual ‘Stateof Ransomware 2024’ survey report, which found that the average ransom payment has increased 500 per cent in the last year. 

According to the report, organisations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023. 

“However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

“Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 59 per cent of organisations being hit, compared with 66 per cent in 2023.

“While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (less than $10 million in revenue) are still regularly targeted, with just under half (47 per cent) hit by ransomware in the last year,” the report said.   

The 2024 report also found that 63 per cent of ransom demands were for $1 million or more, with 30 per cent of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs. 

Analysing the report, Field CTO at Sophos, John Shier, said: “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks.”