The State of Ransomware 2024

The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time.

Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. It includes a deep dive into ransom demands and ransom payments, and shines new light on the role of law enforcement in ransomware remediation.

Download the report to get the full findings and read on for a taster of some of the topics covered.

Attack rates have dropped, but recovery costs have increased

59% of organizations were hit by ransomware last year, a small but welcome drop from the 66% reported in both the previous two years. While any reduction is encouraging, with more than half of organizations experiencing an attack, this is no time to lower your guard.

While the attack rate has dropped over the last year, overall recovery costs (excluding any ransom payment) have soared to $2.73M, a 50% from the $1.82M reported in 2023.

Having your full estate encrypted is rare

On average, just under half (49%) of an organization’s computers are impacted by a ransomware attack. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.

More than half of victims now pay the ransom

For the first time, more than half (56%) of the organizations that had data encrypted admit to paying the ransom to recover data. The use of backups has dropped slightly from last year (68% vs. 70%) while 26% used “other means” to get data back which include working with law enforcement or using decryption keys that had already been made public.

A notable change over the last year is the increase in propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). Almost half of organizations that had data encrypted reported using more than one method (47%) this time around, more than double the rate reported in 2023 (21%).

Ransom payments have soared – but victims rarely pay the initial sum demanded

1,097 respondents whose organization paid the ransom shared the actual sum paid, revealing that the average (median) payment has increased 5-fold over the last year, from $400,000 to $2 million.

While the ransom payment rate has increased, only 24% of respondents saying that their payment matched the original request. 44% paid less than the original demand, while 31% paid more.

For more insights into ransom payments, and many other areas, download the full report.

About the survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year. Within the education sector, respondents were split into lower education (catering to students up to 18 years) and higher education (for students over 18 years).