Industry Insights with Sally Adam

Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Ransomware

The State of Ransomware 2024

How Attacks Have Changed; New Insights Into How an Attack Affects the Business
The State of Ransomware 2024
Image: Sophos

The fifth annual Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact and recovery time.

See Also: Strategies for Protecting Your Organization from Within

Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year's report combines year-on-year insights with brand-new areas of study. It includes a deep dive into ransom demands and ransom payments and shines new light on the role of law enforcement in ransomware remediation.

Download the report to get the full findings, and read on for a taster of some of the topics covered.

  • Attack rates are down, but recovery costs are up.

    Of those surveyed, 59% of organizations were hit by ransomware last year. That's a small but welcome drop from the 66% reported in both the previous two years. While any reduction is encouraging, with more than half of organizations experiencing an attack, this is no time to lower your guard.

    Image: Sophos

    While the attack rate has dropped over the last year, overall recovery costs - excluding any ransom payment - have soared to $2.73 million, a 50% increase from the $1.82 million reported in 2023.

  • Full estate encryption is rare.

    On average, just under half - 49% - of an organization's computers are affected by a ransomware attack. Having your full environment encrypted is extremely rare; only 4% of organizations reported that 91% or more of their devices were affected.

    Image: Sophos
  • More than half of victims now pay the ransom.

    For the first time, more than half - 56% - of the organizations that had data encrypted admitted to paying a ransom to recover that data. The use of backups has dropped slightly from last year - 68% vs. 70% - while 26% used "other means" to get data back, including working with law enforcement or using decryption keys that had already been made public.

    Image: Sophos

    A notable change over the last year is the increase in propensity for victims to use multiple approaches to recover encrypted data - e.g., paying the ransom and using backups. Almost half of organizations that had data encrypted - 47% - reported using more than one method this time around. That's more than double the rate reported in 2023 - 21%.

  • Ransom payments have soared, but victims rarely pay the initial sum demanded.

    Of those surveyed, 1,097 respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average or median payment has increased fivefold over the last year, from $400,000 to $2 million.

    While the ransom payment rate has increased, only 24% of respondents say that their payment matched the original request - 44% paid less than the original demand, while 31% paid more.

    Image: Sophos

For more insights into ransom payments, and many other areas, download the full report

About the Survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA and Asia-Pacific. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year. Within the education sector, respondents were split into lower education - catering to students up to 18 years old - and higher education - for students more than 18 years old.

About the Author

Sally Adam

Sally Adam

Senior Director, Marketing, Sophos

Adam is responsible for many of Sophos external research-based reports and educational resources. She has more than 15 years of experience in cybersecurity and combines deep knowledge of both adversary trends and Sophos technologies to help organizations optimize their protection.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.