Ransomware payments rocket 500%, recovery costs drop 36%

The average ransom payment has increased 500% in the last year, with firms in Singapore that paid the ransom reporting an average payment of US$1,584,130 and a global average of $3,960,917, according to Sophos.

Data for the latest State of Ransomware report from Sophos comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. 

Respondents were based in 14 countries across the Americas, EMEA (Europe, Middle East and Africa) and the Asia-Pacific regions.

Excluding ransoms, the survey found the average cost of recovery reached $2.2 million, a decrease of more than $1 million since the $3.46 million that Sophos reported in 2023. 

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks, with 64% of Singaporean organisations being hit, compared with 84% in 2023.

While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (less than $10 million in revenue) are still regularly targeted, with just under half (47%) hit by ransomware in the last year globally. 

The 2024 report also found that 42% of ransom demands in Singapore were for $1 million or more, suggesting ransomware operators are seeking huge payoffs. Unfortunately, these increased ransom amounts are not just for the highest-revenue organisations surveyed. 

Globally, nearly half (46%) of organisations with revenue of less than $50 million received a seven-figure ransom demand in the last year.

John Shier, field CTO at Sophos, said that ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. 

“Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” said Shier. “The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime.”

“The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume,” he added.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 33% of Singaporean organisations. 

This was closely followed by compromised credentials (21%). This is directly in line with in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims worldwide where the attack started with exploited vulnerabilities reported the most severe impact to their organisation, with higher rates of backup compromise (75%), data encryption (67%) and ransom payment (71%) than when attacks started with compromised credentials.

These organisations also suffered considerably greater financial and operational impact: the average recovery cost worldwide was $3.58 million, compared with $2.58 million when an attack started with compromised credentials, and a greater proportion of attacked organisations took more than a month to recover.

In Singapore, the average bill incurred by organisations to recover from a ransomware attack was reported at $2.2 million, a drop from the $3.46 million reported in 2023.

Key findings also show that the eventual ransom paid by Singaporean organisations was, on average, 77% of the initial demand. In comparison, globally, organisations paid 94% of the initial demand.

All Singaporean ransom payments are funded from multiple sources, above the global average of 82%.

In 98% of Singaporean ransomware attacks, cybercriminals tried to compromise the organisation’s backups, above the global average of 94%. Close to half (45%) of backup compromise attempts were successful, below the global average of 57%.

Data was also stolen in 25% of attacks where data was encrypted, below the global average of 32% but above the 16% reported by Singaporean respondents in the 2023 study – increasing attackers’ ability to extort money from their victims.