In context: Sophos has released its latest report on the state of ransomware, surveying thousands of professionals and critical national infrastructure (CNI) organizations across 14 countries and 15 industries. According to the British security company, file-encrypting threats have become more complex and sophisticated.

According to figures included in the report, ransomware attacks are causing CNI companies and organizations to pay significantly more than in the past. The median ransom payment rose to $2.54 million last year, which is 41 times larger than the previous year's amount ($62,500).

Payments have been even higher in the first months of 2024, with a median sum of $3.225 million. The report is based on real-world ransomware attacks, Sophos explains, but not all CNI victims were willing to disclose full details about their specific experiences. This suggests that the real situation could be even worse.

IT and tech-related companies are seemingly less willing to pay the ransom, with a median payment of just $330,000. Meanwhile, education-related and federal government organizations have reported the highest average payments at $6.6 million. Costs associated with recovery procedures are skyrocketing as well.

The average cost to replace, repair, and recover data and systems rose to $3 million, with some industries forced to quadruple their spending to recover from a ransomware infection. Recovery costs for organizations in the oil, gas, energy, and utility sectors fell slightly ($3.12 million, compared to $3.17 million the previous year), while energy and water CNI companies suffered the largest increase in recovery costs, up to $750,000.

Cyber-criminals seemed particularly fond of targeting companies managing power and water utilities, with 67 percent of these organizations reporting a ransomware attack, compared to a global average of 59 percent. Even after paying a ransom, companies are taking longer to recover from a ransomware infection.

The number of victims requiring more than a month to regain full control of their IT systems rose from 36 percent to 55 percent. Sophos suggests this is a consequence of more sophisticated and complex attacks, which require more extensive recovery work. On a positive note, almost all victims (98 percent) can recover their encrypted data eventually, with law enforcement agencies cooperating with 97 percent of them.

Lastly, Sophos advises that paying ransoms is never in the best interest of ransomware victims. An increasing number of organizations (61 percent) paid a ransom to recover their data, yet they still took longer to achieve full recovery. Paying ransoms also encourages cyber-criminals to perform more attacks in the future.