Ransomware Payments Rise as Sophos Urges Vigilance
Still, fewer ransomware attacks doesn’t mean reduced impact. According to Sophos, the average ransom payment across all industries rose fivefold over the previous year, from $400,000 to $2 million. Additionally, average recovery costs soared to $2.73 million, up from $1.82 million in 2023.
That’s a big reason that Sophos Field CTO John Shier urges organizations to stay vigilant.
“We must not let the slight dip in attack rates give us a sense of complacency,” Shier says. “Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware, we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime.”
There were notable ransomware cyberattacks last year on state and local governments in Fulton County, Ga., and Contra Costa County, Calif. The latter led officials to declare a state of emergency in the county.
Sophos’ research suggests that the relatively low rate of ransomware attacks against state and local governments could indicate stronger defenses. But the IT security firm also notes that cybercriminals might be shifting to other industries that may be more profitable. (State and local governments stood near the middle of the pack for ransom payments, with an average of $5.2 million per event.)
“The ransomware landscape offers something for every cybercriminal, regardless of skill,” Shier says. “While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume.”
Data Theft Remains a Big Concern for Ransomware Targets
While state and local governments saw the lowest ransomware attack frequency in the previous year, those events produced extraordinarily high rates of both data encryption and compromised backups. A stunning 98 percent of attacks against state and local governments led to data encryption, and 99 percent involved attempts to compromise backups.
These factors can put more pressure on organizations to pay, which could explain why state and local governments ended up handing over ransoms that exceeded what the attackers originally demanded: state and local governments typically paid 104 percent of the initial ransom demand.
Data theft is another area of concern for state and local governments dealing with ransomware attacks, with 42 percent reporting stolen data following a ransomware attack, the fourth-highest percentage among all industries.
And in yet another reminder of the growing importance of zero trust for state and local governments, the report found that compromised credentials were behind 49 percent of ransomware attacks on state and local governments.
“The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations,” Shier says. “Businesses need to critically assess their levels of exposure to these root causes and address them immediately.”