Firms all over the world have been hit hard by ransomware gangs. Not only has the average ransom payment reached $2 million, but it takes another $2.7 million for a victim to fully recover.
Ransoms are only one part of the cost, warned cybersecurity company Sophos in its annual State of Ransomware 2024 report. The average recovery cost has jumped by nearly $1 million. Now, it takes over $2.7 million to get a business back up and running after an attack. And that’s on top of the ransom that the victim already paid to cybercriminals.
While the survey showed a slight reduction in the rate of ransomware attacks, they remain the most dominant threat, fueling the cybercrime economy.
“Without ransomware, we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill,” said John Shier, field CTO of Sophos.
And while some crooks go after major corporations hoping for multi-million dollar payments, plenty of gangs target small and medium businesses, trying to make it up in volume.
Most often, cybercriminals exploit vulnerabilities and use compromised credentials and malicious emails to initiate ransomware.
Around a quarter of victims paid the ransom amount that was originally requested by attackers. While insurance providers are increasingly frowning upon ransomware payments, the Sophos survey showed that 23% of ransom funding came from them.
Another notable finding is crooks going after backups. In nearly all of the cases, ransomware gangs attempted to compromise the victims’ backups so they’d have no way to keep the business in operation without meeting their demands. Unfortunately, in 57% of the cases, crooks were successful in compromising backups.
“The two most common root causes of ransomware attacks – exploited vulnerabilities and compromised credentials – are preventable, yet still plague too many organizations,” Shier added.