Paying for ransomware doesn't always mean you get your data back

Agreeing to ransom demands does not guarantee the safe return of data following a ransomware attack, a new report from security firm Sophos suggests.

Polling 5,400 IT decision-makers from organizations all over the world, Sophos found that just eight percent of ransomware victims managed to get all their data back after paying the ransom. Almost a third (29 percent) got no more than half of their data back.

The number of ransomware attacks has been steadily shrinking, but ransom demands and the cost of remediation have grown. The numbers suggest criminals are no longer casting a wide net, but are instead targeting specific organizations in anticipation of higher payments.

According to the Sophos report, the share of businesses experiencing a ransomware attack fell from 51 percent in 2020 to 37 percent this year. Furthermore, fewer businesses suffered data encryption after a “significant attack” (down from 73 percent to 54 percent).

However, the cost of remediation, which includes business downtime, lost orders, operational costs and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021.

It is ten times more expensive to remedy an attack than to pay the ransom. For this reason, the share of businesses paying the ransom jumped from 26 percent last year to 32 percent today.

Of all the businesses polled for the report, the highest ransom payment was $3.2 million, while the average payment was $170,404.