Average ransom payments have gone up 500%: Sophos

The average ransom payment has increased 500% in the last year, according to Sophos, a global provider of security solutions that defeat cyberattacks. In its annual State of Ransomware 2024 survey report, the company said that organisations in Singapore that paid the ransom reported an average payment of US$1,584,130, with a global average of US$3,960,917.

However, Sophos has pointed out that ransoms are just one part of the cost of a cyberattack. Excluding ransoms, the survey found the average cost of recovery reached US$2.20 M, a decrease of more than US$1 million compared to the US$3.46 M that Sophos reported in 2023.

Despite the soaring ransoms, this year’s survey indicates a slight reduction in the rate of ransomware attacks with 64% of Singaporean organisations being hit, compared with 84% in 2023. While the propensity to be hit by ransomware increases with revenue, even the smallest organisations (under US$10 M in revenue) are still regularly targeted, with just under half (47%) hit by ransomware in the last year globally.

The 2024 report also found that 42% of ransom demands in Singapore were for US$1 M or more, suggesting ransomware operators are seeking huge payoffs. Unfortunately, these increased ransom amounts are not just for organisations with the highest revenue. Globally, nearly half (46%) of organisations with revenue of under US$50 M received a seven-figure ransom demand in the last year.

“We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fuelling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks.

“The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume,” said John Shier, Field CTO, Sophos.

For the second year running, exploited vulnerabilities were the most commonly identified root cause of an attack, impacting 33% of Singaporean organisations. This was closely followed by compromised credentials (21%). This is directly in line with recent, in-the-field incident response findings from Sophos’ most recent Active Adversary report.

Victims worldwide whose attack started with exploited vulnerabilities reported the most severe impact to their organisation, with a higher rate of backup compromise (75%), data encryption (67%) and the propensity to pay the ransom (71%) than when attacks started with compromised credentials. Organisations worldwide which had been attacked via exploited vulnerabilities said the average recovery cost was US$3.58 M, compared with US$2.58 M when an attack started with compromised credentials. A greater proportion of attacked organisations took more than a month to recover after an attack with exploited vulnerabilities. 

Locally, the average bill incurred by Singaporean organisations to recover from a ransomware attack was reported at US$2.2 M, against US$3.46 M reported in 2023.

Other findings from the report include:

 The eventual ransom paid by Singaporean organisations was, on average, 77% of the initial demand. In comparison, globally, organisations paid 94% of the initial demand.

 All Singaporean ransom payments are funded from multiple sources, above the global average of 82%.

 In 98% of Singaporean ransomware attacks, cybercriminals tried to compromise the organisation’s backups, above the global average of 94%. Forty-five percent of backup compromise attempts were successful. This is below the global average of 57%.

 Data was also stolen in 25% of Singapore attacks where data was encrypted, below the global average of 32% but above the 16% reported by Singaporean respondents in Sophos' 2023 study.

“Managing risk is at the core of what we do as defenders. The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organisations. Businesses need to critically assess their levels of exposure to these root causes and address them immediately. In a defensive environment where resources are scarce, it's time organisations impose costs on the attackers, as well. Only by raising the bar on what's required to breach networks can organisations hope to maximise their defensive spend,” said Shier.

Sophos recommends the following best practices to help organisations defend against ransomware and other cyberattacks:

 Understand your risk profile, with tools such as Sophos Managed Risk which can assess an organisation’s external attack surface, prioritise the riskiest exposures and provide tailored remediation guidance

 Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X

 Bolster your defenses with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider

 Build and maintain an incident response plan, make regular backups and practise recovering data from those backups

Data for the State of Ransomware 2024 report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organisations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion. Read the State of Ransomware 2024 report for global findings and data by sector on Sophos.com.

Explore

 The latest techniques, tactics and procedures (TTPs) of cyber attackers in the Active Adversary Report for 1H 2024

 The evolving ransomware business model in ‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch

 Ransomware attackers targeting managed service providers (MSPs) in the 2024 Sophos Threat Report: Cybercrime on Main Street

 The role of unpatched vulnerabilities in ransomware attacks

 The rise of remote encryption among ransomware groups

 Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs
