Sophos, a security solutions provider, recently released its annual “State of Ransomware 2024” survey report showing that the average ransom payment increased 500 percent last year.
Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023.
“However, ransoms are just one part of the cost. Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023,” the company said.
This year’s survey indicates a slight reduction in the rate of ransomware attacks, with 59 percent of organizations being hit, compared with 66 percent in 2023.
It said that while the propensity to be hit by ransomware increases with revenue, even the smallest organizations (less than $10 million in revenue) are still regularly targeted, with just under half (47 percent) hit by ransomware in the past year.
The 2024 report also found that 63 percent of ransom demands were for $1 million or more, with 30 percent of demands for over $5 million, suggesting ransomware operators were seeking huge payoffs.
Sophos said that these increased ransom amounts were not just for the highest-revenue organizations surveyed. Nearly half (46 percent) of organizations with revenue of less $50 million received a seven-figure ransom demand last year.
“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” said John Shier, field CTO of Sophos.
“The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume,” Shier said.