The average bill for rectifying a ransomware attack has doubled, reaching $1.85 million

The latest “The State of Ransomware 2021” report released by professional IT security and protection company Sophos pointed out that the average total cost of ransomware attacks has more than doubled in one year, from $761,106 in 2020 to $1.85 million in 2021.

The report is based on a survey of 5,400 IT professionals from 30 countries and is an in-depth study of the prevalence and impact of ransomware, including year-on-year trends. It also discloses for the first time the actual ransom paid by victims and how much of their data victims were able to recover after payment.

The report states that the current average ransom paid by medium-sized companies is $170,404, but only 8% of organizations managed to retrieve all data after paying the ransom, and 29% of organizations retrieved less than half. The number of organizations attacked by ransomware dropped from 51% in 2020 to 37% in 2021; companies whose data was encrypted due to major attacks also dropped from 73% in 2020 to 54% in 2021.

But at the same time, the survey results also revealed some new hidden dangers, especially in terms of the impact of ransomware attacks. Taking into account the downtime, personnel time, equipment cost, network cost, opportunity loss, paid ransom, etc., the total cost of a ransomware attack has risen to $1.85 million. This means that the average total cost of a ransomware attack has reached 10 times the size of the ransom payment.

In addition, extortion-style attacks in which data was not encrypted but the victim was still held to ransom have more than doubled since last year, rising from 3% to 7%.

Chester Wisniewski, the chief research scientist at Sophos, said that the significant decline in the number of organizations attacked by ransomware is good news, but this may also reflect changes in the behavior of attackers. Attackers have moved from larger-scale, general-purpose, automated attacks to more targeted attacks. Therefore, although the overall number of attacks has decreased as a result, the potential damage caused by these more advanced and sophisticated targeted attacks is actually much higher. This type of attack is also harder to recover from. The doubling of the repair cost is an obvious example.