Against the advice of pros more companies than ever are paying ransoms

  • Sophos notes a 500 percent increase in the number of ransoms paid by organisations in its 2024 State of Ransomware report.
  • As many as 87 percent of cyber insurance providers contributed to ransom payments.
  • The mean ransom demanded by cybercriminals in South Africa is $975 675.

Among the major findings in the Sophos State of Ransomware 2024 report is that ransom payment – where a company coughs up the fee charged by cybercriminals – has increased 500 percent. This is an alarming trend and while it may be quick to blame organisations for paying the ransom, there is likely a good reason for it.

That reason is that companies may have no choice but to pay given that 97 percent of ransomware attacks in South Africa, tried to compromise backups as well. Yes not only do companies need to worry about their live data, they need to worry about the backups of that data as well.

Ransomware is still a major threat for businesses with 69 percent of the 330 local companies surveyed saying such an attack hit them in the last year. While this is a decrease from the 2023 survey, it’s not all good news.

“We must not let the slight dip in attack rates give us a sense of complacency,” explains field chief technology officer at Sophos, John Shier.

“Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”

The good news is that 43 percent of local companies that were struck by ransomware paid the ransom, much less than the global average of 56 percent. However, the fact that these criminals are getting paid is seemingly enough to inspire them to continue their work.

What we found most alarming is that companies providing cyber insurance contribute to the ransom demands of cybercriminals. This was true for 87 percent of the incidents in South Africa, which is problematic.

The mean ransom demanded by cybercriminals in South Africa is $975 675 despite the mean payment being slightly lower at $958 100. Sophos tells us that cybercriminals are well aware of how much they can demand from local businesses. Given that these ne’er-do-wells have complete access to a company, they know how much to charge and how much they can negotiate for when it comes to payment.

Sophos also asked how long it took for respondents to recover from an attack and the bad news is that South Africans are getting slower. Only 41 percent of those targeted in an attack recovered in a week, down from 53 percent in 2023 while 26 percent took between one and six months, an increase from 19 percent in 2023.

“The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organisations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, it’s time organizations impose costs on the attackers, as well. Only by raising the bar on what’s required to breach networks can organizations hope to maximize their defensive spend,” adds Shier.

Ransomware continues to plague businesses of all sizes from large to small enterprises and the damage can be monumental. Sophos advises businesses take the following advise to guard against attacks:

  • Prevention – The best ransomware attack is the one that didn’t happen because the adversaries couldn’t get into your organization.
  • Protection – Strong foundational security is a must. Endpoints (including servers) are the primary destination for ransomware actors, so ensure that they are well-defended, including dedicated antiransomware protection to stop and roll back malicious encryption.
  • Detection and response – The sooner you stop an attack, the better. Detecting and neutralizing an adversary inside your environment before they can compromise your backups or encrypt your data will considerably improve your outcomes.
  • Planning and preparation – Having an incident response plan that you are well versed in deploying will greatly improve your outcomes if the worst happens and you experience a major attack.

You can find highlights from the report in the PDF embedded below.


About Author


Related News