Cyberattacks: Ransomware Payments Increase 500%, Recovery Costs Hit $2.73m

Ransomware payments increased by 500 per cent in 2023, with organisations paying an average of $2 million, up from $400,000 in 2023.

This was revealed by Sophos, a global leader of innovative security solutions that defeat cyberattacks, in its latest annual “State of Ransomware 2024” survey report, which found that the average ransom payment increased 500 per cent last year.

Aside from ransoms, the survey found that the average cost of recovery reached $2.73 million, an increase of almost $1 million over the $1.82 million that Sophos reported in 2023. Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks, with 59 per cent of organisations being hit, compared with 66 per cent in 2023.

While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (less than $10 million in revenue) are still regularly targeted, with just under half (47%) hit by ransomware in the last year.

The 2024 report also found that 63 per cent of ransom demands were for $1 million or more, with 30 per cent of demands for over $5 million, suggesting that ransomware operators are seeking huge payoffs. Unfortunately, these increased ransom amounts are not just for the highest-revenue organisations surveyed.

Nearly half (46%) of organisations with revenue of less than $50 million received a seven-figure ransom demand in the last year.

“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks.