Ransomware Rebounds: Nearly Half of Affected Firms Paid Hackers, Says Sophos

Jul 2, 2025

Ransomware attacks have once again surged globally, with nearly 50% of victimized organizations paying hackers to recover their data — marking the second-highest rate in the past six years, according to the annual State of Ransomware Report by cybersecurity firm Sophos.

The study, based on responses from IT and cybersecurity professionals across 17 countries, reveals that 53% of paying organizations negotiated a ransom lower than the original demand. Among these, 71% succeeded in reducing the payment amount either independently or with third-party assistance.

On average, organizations paid around $1 million in ransom. However, the demanded amounts varied depending on organizational size and revenue. Entities with over $1 billion in annual revenue faced demands averaging $5 million, while smaller firms earning less than $250 million were typically asked to pay under $350,000.

Over the past three years, the leading cause of ransomware attacks has been “exploited vulnerabilities.” A staggering 40% of affected organizations admitted that attackers took advantage of security flaws they had not previously identified. A total of 63% cited lack of personnel or resources as a key contributor — with larger firms struggling to find skilled professionals and medium-sized businesses facing general manpower shortages.

To guard against future attacks, Sophos recommends a proactive ransomware defense strategy. This includes identifying and mitigating software vulnerabilities through risk assessments, deploying robust anti-ransomware protection on all endpoints and servers, regularly testing data restoration as part of a backup plan, and subscribing to trusted managed detection and response (MDR) services.
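Of the four recommendations, the restore test is the one most often reduced to a checkbox: backups are written but never restored until an incident forces it. The following is an added example, not code from Sophos or from this article, showing one way to automate that drill: record a SHA-256 manifest when the backup is taken, restore the archive into a scratch directory, and diff the restored tree against the manifest so a missing, stale or mismatched file surfaces during the drill rather than during recovery. All file names, paths and contents are constructed sample data, and the `skip` parameter exists only to simulate a backup job that silently dropped a file.

```python
"""Automated backup restore test (added example; constructed sample data)."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path, skip=()) -> dict:
    """Write a tar.gz of source and store its manifest beside the archive.

    `skip` is a demo-only knob that simulates a backup job silently dropping
    files; a production job would not have it.
    """
    manifest = build_manifest(source)
    archive.with_suffix(".manifest.json").write_text(json.dumps(manifest, indent=1))
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".",
                filter=lambda ti: None if ti.name.removeprefix("./") in skip else ti)
    return manifest


def load_manifest(archive: Path) -> dict:
    return json.loads(archive.with_suffix(".manifest.json").read_text())


def restore_and_verify(archive: Path, expected: dict) -> dict:
    """Restore into a fresh scratch directory and diff it against `expected`."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            # The "data" extraction filter (Python 3.12+, backported to newer
            # maintenance releases) rejects absolute paths and path traversal
            # inside the archive; fall back gracefully on older interpreters.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(dest, filter="data")
            else:
                tar.extractall(dest)
        restored = build_manifest(dest)
    missing = sorted(set(expected) - set(restored))
    unexpected = sorted(set(restored) - set(expected))
    mismatched = sorted(p for p in expected
                        if p in restored and restored[p] != expected[p])
    return {"ok": not (missing or mismatched), "missing": missing,
            "mismatched": mismatched, "unexpected": unexpected}


def run_drill() -> tuple:
    """Constructed drill with three outcomes: a complete backup passes, a
    backup that silently skipped a file fails, and an archive verified against
    a source tree that changed after the backup was taken fails."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.sqlite").write_bytes(b"constructed sample db contents")
        (src / "config.yaml").write_text("retention_days: 30\n")

        full = work / "full.tar.gz"
        create_backup(src, full)
        full_report = restore_and_verify(full, load_manifest(full))

        partial = work / "partial.tar.gz"
        create_backup(src, partial, skip={"config.yaml"})
        partial_report = restore_and_verify(partial, load_manifest(partial))

        # Data changed after the archive was written; checking the old archive
        # against the current expected state exposes the stale copy.
        (src / "config.yaml").write_text("retention_days: 90\n")
        stale_report = restore_and_verify(full, build_manifest(src))
    return full_report, partial_report, stale_report


if __name__ == "__main__":
    for name, report in zip(("full", "partial", "stale"), run_drill()):
        print(f"{name:8s} {'OK' if report['ok'] else 'FAILED'} {report}")
```

Run as a scheduled job against the most recent production archive, the `ok` flag is what to alert on; the `missing`, `mismatched` and `unexpected` lists tell the responder whether the backup job is dropping files, whether the copy is stale, or whether the archive contains content nobody intended to back up.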