The Bottom Line Upfront

Ransom payments have skyrocketed by 500% in the past year, with the average payment reaching $2 million, according to a report by Sophos. This marks a significant increase from the average payment of $400,000 in 2023, indicating that ransomware operators are demanding larger sums from their victims. Although the number of organizations attacked by ransomware has decreased, with 59% targeted in the past year compared to 66% in 2023, the size of the ransom demands continues to grow.

The Breakdown

  • The surge in ransom payments highlights the increasing profitability of ransomware attacks, incentivizing cybercriminals to target organizations for larger sums of money. This trend poses a significant threat to businesses of all sizes and underscores the importance of implementing robust cybersecurity measures.
  • Nearly two-thirds (63%) of ransom demands made in the past year were $1 million or more, with 30% of demands exceeding $5 million.
  • Despite the high ransom demands, only 24% of respondents paid the full amount originally requested by the attackers, while 44% negotiated and paid less than the initial demand.
  • On average, the ransom paid amounted to 94% of the initial ransom demand.
  • The report also revealed that funding for ransom payments came from various sources, with 40% of the funding provided by the victim organizations themselves and 23% coming from insurance providers.
  • Large organizations with an annual revenue of over $5 billion were more likely to pay the ransom demands, with 61% of them choosing to do so after being attacked.