Ransomware groups have been particularly harsh over the past year, according to the latest findings from Sophos' fifth annual State of Ransomware 2024 survey. This report sheds light on how ransomware attacks are evolving globally and their negative impact on businesses. For Managed Service Providers (MSPs), keeping up with these trends is vital to improving their cybersecurity services and protecting their clients.
The survey brings some positive news, showing a slight decrease in the rate of ransomware attacks. Only 59 percent of organizations were affected in the last year compared to 66 percent in the previous two years. While this decrease is encouraging, MSPs must continue to be proactive and vigilant with cybersecurity defenses that protect their clients' information and networks.
Ransomware Operators Are Seeking Huge Payoffs
The average ransom payment has increased fivefold from $400,000 to $2 million in the last year. The report also revealed that 63 percent of ransomware demands exceeded $1 million, with 30 percent surpassing $5 million. Paying a seven-figure or more ransom sum is now the norm.
A business can also choose not to pay the ransom. If so, then the cost of recovery still jumped to $2.73 million, an increase of nearly $1 million from the $1.82 million reported by Sophos in 2023. This rise in expenses highlights the importance of creating thorough plans to deal with ransomware and implementing strong backup and recovery strategies to reduce the financial impact on affected organizations.
Exploited Vulnerabilities Remain #1 Root Cause
For the second year running, exploited vulnerabilities continue to be the primary starting point of an attack, affecting 32 percent of organizations. Compromised credentials (29%) and malicious emails (23%) follow closely behind. Identifying and strengthening these weak spots can stop cybercrime attempts from evolving into full-fledged attacks.
More Victims Agree to Pay the Ransom
Surprisingly, more than half (56%) of organizations that had their data encrypted chose to pay the ransom to regain access. An alternative is recovery from backups. This method has slightly declined from last year (68% vs 70%). But organizations still need the expertise of MSPs to guide them on crafting effective data recovery plans and strategies to reduce risks because regardless of paying the ransom or using backups, victims rarely recover back to status quo. Prevention, protection, detection, and response through MSPs and a quality security vendor – stopping ransomware in the first place – is the best approach.
The findings in Sophos’ State of Ransomware 2024 survey report offer MSPs more details on these topics, as well as additional valuable information about how to strengthen clients defenses against ransomware attacks. By using this information to personalize proactive cybersecurity approaches and support services, MSPs, alongside Sophos, can significantly contribute to protecting organizations from the devastating impact of ransomware.
Download the full report for further insights on ransomware and related cybercrime topics.