New Straits Times, Business
Half of ransomware victims paid hackers, according to a study
KUALA LUMPUR: Nearly 50 per cent of organisations affected by ransomware chose to pay the ransom to recover their data, the second-highest rate recorded in six years, according to cybersecurity company Sophos.
The data comes from Sophos' sixth annual State of Ransomware report, a vendor-neutral global survey of IT and cybersecurity leaders across 17 countries, offering insights into the real-world impact of ransomware on businesses.
Notably, of the victims that paid, 53 per cent ended up paying less than the attackers' original demand.
In 71 per cent of those cases, the reduction was achieved through negotiation with the attackers, either by the company itself or with the help of a third party.
The survey also found that from 2024 to 2025, the median ransom demand dropped by a third and the median payment fell by half, which Sophos reads as a sign that companies are becoming more effective at limiting the impact of an attack.
Overall, the median ransom payment was US$1 million, although the initial demand varied significantly with organisation size and revenue.
The median ransom demand for companies with more than US$1 billion in revenue was US$5 million, while organisations with US$250 million or less in revenue saw median demands of under US$350,000.
Meanwhile, the study also found that for the third year in a row, exploited vulnerabilities were the leading technical root cause of attacks.
In addition, 40 per cent of ransomware victims said attackers took advantage of a security gap they were not aware of, highlighting the ongoing challenge organisations face in identifying and securing their attack surface.
Overall, 63 per cent of organisations said resourcing issues contributed to them falling victim to the attack.
Lack of expertise was the top operational cause among organisations with more than 3,000 employees, while lack of people or capacity was most often cited by those with 251 to 500 employees.
Sophos director and global field chief information security officer (CISO) Chester Wisniewski said for many organisations, the chance of being compromised by ransomware actors is just a part of doing business in 2025.
"The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage.
"This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress," he said in a statement.
He added that ransomware can still be "cured" by tackling the root causes of attacks, such as exploited vulnerabilities, lack of visibility into the attack surface, and limited resources.
He noted that Sophos is seeing more companies recognise they need help and move to managed detection and response (MDR) services for defence.
"MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start," he said.
Data for the State of Ransomware 2025 report comes from a vendor-agnostic survey of 3,400 IT and cybersecurity leaders in organisations that were hit by ransomware in the previous year.
Organisations surveyed ranged from 100 to 5,000 employees and across 17 countries.