Nairametrics

Cyberattacks: Ransomware payments globally surge by 500% in 2023—Report


The latest report from cybersecurity firm Sophos revealed that ransom payments by companies hit with ransomware globally increased by 500% in 2023.

According to the “State of Ransomware 2024”, organizations that paid the ransom reported an average payment of $2 million, up from $400,000 recorded in 2022.

It, however, noted that ransoms are just one part of the cost. Excluding ransoms, Sophos’ survey found the average price of recovery reached $2.73 million, an increase of almost $1 million from the $1.82 million that the company reported last year.

Sophos added in the report that, despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks, with 59% of organizations being hit, compared with 66% in 2022.

The 2024 report also found that 63% of ransom demands were for $1 million or more, with 30% of demands for over $5 million, suggesting ransomware operators are seeking huge payoffs.


Ransomware as dominant threat

Commenting on the report, the Chief Technical Officer of Sophos, John Shier, said:

Causes of attacks

The report further revealed that for the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 32% of organizations. This was closely followed by compromised credentials (29%) and malicious email (23%).

Sophos noted that this is directly in line with recent, in-the-field incident response findings from its most recent Active Adversary report.

To defend against ransomware attacks, Sophos recommended some best practices, which include understanding their risk profile and prioritizing the riskiest.

Sophos also advised businesses to implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X.

Sophos disclosed that data for the State of Ransomware 2024 report came from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. According to the company, respondents were based in 14 countries across the Americas, EMEA and Asia Pacific.
