Ransomware attacks, payouts soared globally in 2021

The average cost to recover from the most recent ransomware attack in 2021 was US$1.4 million.
28 April 2022

The US spent US$1.2 billion on ransomware payments in 2021. (source – Kaspersky)

  • Sophos report shows that 66% of organizations surveyed were hit with ransomware attacks in 2021, up from 37% in 2020
  • There is s a 3X increase in the proportion of organizations paying ransoms of US$1 million or more, based on the demographic surveyed
  • The survey shows the proportion of victims paying up also continues to increase, even when they may have other options available
  • Many organizations rely on cyber insurance to help them recover from a ransomware attack

The last two years have seen ransomware attacks skyrocketing to become the most prominent malware threat in this post-pandemic climate. What’s more alarming however is the fact that extortion payments are rising dramatically too. In 2021, the average ransom paid by organizations increased nearly fivefold to reach US$812,360, according to UK-based cybersecurity company Sophos. 

The Sophos State of Ransomware 2022 report surveyed 5,600 mid-sized organizations in 31 countries across Europe, the US, Asia Pacific, Central Asia, the Middle East, and Africa, 965 of them shared details of ransomware payments. Overall, 11% of organizations said they paid ransoms of US$1 million or more in 2021, up from 4% in 2020, while the percentage of organizations paying less than US$10,000 dropped to 21% from 34% in 2020.

Sophos highlighted that the average ransom paid by organizations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach US$812,360, with a threefold increase in the proportion of organizations paying ransoms of US$1 million or more. “46% of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups,” the report shows.

Sophos’ principle research scientist Chester Wisniewski highlighted that, “Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available. He attributed it to several reasons, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. 

To be precise, 46% of organizations that had data encrypted in a ransomware attack paid the ransom, Sophos data shows. Some 26% of organizations that were able to restore encrypted data using backups in 2021 also paid the ransom. On top of those, the impact of a ransomware attack has also been immense as Sophos noted that the average cost to recover from the most recent ransomware attack in 2021 was US$1.4 million.  

“In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk

Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack,” Wisniewski said. 

The year of ransomware attacks and cyber insurance

It is commonly known by now that ransomware attacks took center stage especially since the pandemic. Sophos findings show that 66% of organizations were hit by ransomware in 2021, up from 37% in 2020. That is a 78% increase over the course of a year, demonstrating that adversaries have become considerably more capable at executing the most significant attacks at scale

The cybersecurity company said it reflects the growing success of the Ransomware-as-a-Service model which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. The report also highlighted how the increase in successful ransomware attacks is part of an increasingly challenging broader threat environment.

The upside is that over four in five mid-sized organizations have cyber insurance against ransomware. “However, while 83% of respondents say their organization has cyber insurance that covers them if hit by ransomware, 34% say there are exclusions/exceptions in their policy,” Sophos noted in the report.

Nonetheless, as the cyber insurance market hardens and it becomes more challenging to secure cover, 97% of organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position, Sophos noted.