Ransomware payments nearly double in one year

According to a survey, ransomware payments almost doubled in the past year, reaching $1.5 million (£1.2 million). The organizations with the highest income were the most inclined to comply with attackers and make the payments.

Fri Jul 28, 2023

Sophos, a British cybersecurity firm, found that the average ransomware payment rose from $812,000 the previous year. The average payment by UK organisations in 2023 was even higher than the global average, at $2.1m.

More than a quarter of the companies that made payments in the global survey handed over between $1m and $5m, with high-earning firms the most likely to fork out. The average payout by companies with revenues of more than $5bn a year was just under $2.5m.

Source: https://www.theguardian.com/technology/2023/may/10/ransomware-payments-nearly-double-in-one-year

Sophos stated that it is not surprising that the organizations with the largest revenues were the ones most prone to paying the highest ransoms, as attackers tailor the ransom amounts to the victim's ability to pay. In a ransomware attack, unauthorized individuals gain access to a computer system and deploy malicious software that encrypts the data, rendering it inaccessible. The attackers then demand money in exchange for decrypting or unlocking the computers, and they may also steal data during the attack.

The Sophos report drew its findings from a survey of 3,000 senior IT and cybersecurity professionals across 14 countries, including the US, the UK, and Australia. Notably, the 2023 survey, which interviewed 200 UK organizations, was smaller than the previous year's, which polled 5,600 professionals in 31 countries. The rate of ransomware attacks remained steady in the 2023 report, with about two-thirds of respondents reporting being hit by an attack. Singapore had the highest attack rate at 84%, while the UK had the lowest at 44%. South Africa saw a significant increase in attacks, rising from 51% of firms in the 2022 survey to 78%.

Among the different sectors, education experienced the highest attack rate last year at 80%, evenly distributed between lower and higher education organizations, indicating a lack of resources and technology readiness. Following closely behind were the construction and property sectors, while IT, tech, and telecoms companies reported the lowest attack rates, suggesting a higher level of cyber preparedness.

Notably, companies with higher incomes were more likely to be targeted, especially those with annual revenues exceeding $5 billion. Approximately three out of ten attacks had email as the root cause, often involving phishing emails that trick individuals into clicking on links that download malicious software.

For any queries about this post, you may connect through Contact.

Dev