- Sophos is investigating organizations that have suffered ransomware attacks
- On average, they paid 85% of the ransom demanded
- The average demand has fallen to $1.3 million so far this year
New research from Sophos has found that as ransomware attacks have become more productive than ever, more and more companies are not paying demands in full, with organizations that pay handing over an average of 85% of the ransom.
The average ransom demand has fallen from $2 million in 2024 to $1.3 million in 2025. About half (53%) of those who paid handed over less than half of the original demand, but worryingly, 18% paid more than originally asked for, with the British paying 103% on average.
Recently, ransomware attacks have soared to new heights and cost more than ever, not only in payments but also in lost data, downtime and regulatory fines, with Sophos' survey revealing an average of $1.83 million in recovery costs for companies with between 1.00-5,000 employees.
Data at risk
Almost half (49%) of the organizations surveyed chose to pay the ransom, a slight increase from 56% in 2024.
This is despite some governments implementing ransomware payment bans that prohibit public sector organizations from handing money to ransomware gangs, with private organizations encouraged to do the same.
In a ransomware attack, the criminals' primary target is data, and the study found that data encryption is at its lowest level in six years, with 50% of attacks resulting in data encryption, down from 70% in 2024.
If criminals get hold of your data and encrypt it, they can essentially hold your systems hostage and seriously disrupt your operations, so the fewer encryptions, the better.
However, it is not all doom and gloom, as 97% of organizations that had data encrypted were able to restore it.
The original technical root cause of attacks was most often (32%) exploited vulnerabilities, with malicious emails (23%) and compromised credentials (30%) close behind.
Unfortunately, a lack of expertise was the most common operational root cause, cited by 40% of respondents, along with unknown security gaps (40%) and a lack of necessary cybersecurity products or expertise (39%). This shows that organizations are fundamentally under-prepared for the ever-growing threat of ransomware.
“For many organizations, the chance of being compromised by ransomware actors is just part of doing business in 2025. The good news is that thanks to this increased attention, many companies are armed with resources to limit injuries. This includes hiring incident responders who can not only lower ransom payments, but also speed up and even stop attacks,” said Wisniewski, Director, Sophos.
“Of course, ransomware can still be ‘hardened’ by tackling the basic causes of attack: utilized vulnerabilities, lack of visibility in the attack surface and too few resources. We see more companies recognize that they need help and relocation to controlled detection and response (month) services for defense.”



