- Survey polled organizations that have suffered ransomware attacks
- On average, they paid 85% of the demands
- The average demand has fallen to $1.3 million this year so far
New Sophos research has found that ransomware attacks have become more prolific than ever, more and more companies are giving in to demands, and organizations pay an average of 85% of the ransom.
The median ransom demand has decreased from $2 million in 2024 to $1.3 million in 2025. About half (53%) of those who paid gave more than half of the initial demand but, worryingly, 18% paid more than what was originally requested, with the United Kingdom paying an average of 103%.
Ransomware attacks have recently soared to new heights and cost more than ever, not only in payments but also in lost data, downtime and regulatory fines, with the Sophos survey revealing an average of $1.83 million in recovery costs for companies with between 1,00-5,000 employees.
Risk data
Just under half (49%) of the surveyed organizations chose to pay the ransom, compared with 56% in 2024.
This is despite some governments implementing a ransomware payment ban, which prohibits public sector organizations from giving money to ransomware gangs, while private organizations are urged to do the same.
In a ransomware attack, the main objective for criminals is the data, and the survey found that data encryption is at its lowest level in six years, with 50% of attacks resulting in data encryption, down from 70% in 2024.
If criminals get your data and encrypt it, they can essentially hold your systems hostage and seriously disrupt your operations, so the less that is encrypted, the better.
However, it is not all doom and gloom, since 97% of organizations that had data encrypted were able to recover it.
The initial technical root cause of the attacks was most commonly (32%) exploited vulnerabilities, with malicious emails (23%) and compromised credentials (30%) close behind.
Unfortunately, the lack of experience was the most common operational cause, with 40% of respondents citing this, as well as unknown security gaps (40%) and the lack of products or necessary cyber security experience (39%). This shows that organizations are fundamentally underprepared for the growing threat of ransomware.
“For many organizations, the possibility of being compromised by ransomware actors is just a part of doing business in 2025. The good news is that, thanks to this greater awareness, many companies are arming themselves with resources to limit the damage. This includes hiring incident responders who can not only reduce ransom payments, but also speed up recovery and even stop attacks in progress,” says Wisniewski, the director of Field, the center of Field.
“Of course, ransomware can still be 'cured' by addressing the fundamental causes of attacks: exploited vulnerabilities, lack of visibility on the attack surface and too few resources. We are seeing that more companies recognize that they need help and are moving to managed detection and response (MDR) services for defense.