Fraud Management & Cybercrime
,
Governance & Risk Management
,
Insider Threat
Experts Say MDR Services and Proactive Defense Can Break the Payment Cycle
Organizations across Asia Pacific and Japan are seeing some relief from ransomware criminals, especially in terms of the ransom cost. The median ransom demand in the region plunged from $1 million in 2023 to $500,000 in 2024, according to the sixth annual Sophos State of Ransomware 2025 report.
But nearly 54% of organizations paid the ransom to regain access to their encrypted data, and 50% of those who paid managed to negotiate a lower settlement – independently or with the help of external experts. The median payment reduced to $471,000, offering optimism amid ongoing threats.
Exploited vulnerabilities topped the charts of technical causes for attacks at 27%, followed by compromised credentials at 23%. Organizations also identified resourcing issues as a factor in them falling victim to the attack, with lack of people or capability at 42% and lack of protection at 42% as equal top operational causes for being hit by ransomware.
“For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025. The good news is, thanks to this increased awareness, many companies are arming themselves with resources to limit damage. This includes hiring incident responders who can not only lower ransom payments but also speed up recovery and even stop attacks in progress,” said Chester Wisniewski, director and field CISO at Sophos.
“Ransomware can be ‘cured’ by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface and too few resources. We’re seeing more companies recognize they need help and moving to managed detection and response, or MDR, services for defense. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start,” Wisniewski said.
Report Highlights
The State of Ransomware 2025 report showed the following:
- Almost 55% of APJ companies stopped ransomware attack before data was encrypted, compared to 44% globally.
- Only 55% of APJ companies used backups to restore their data.
- The average cost of recovery was $375,000, which excludes ransom payment.
- Nearly half – 49% – of organizations fully recovered from a ransomware attack in a week. Only 20% took more than a month to recover.
Best Practices
Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:
- Take steps to eliminate common technical and operational root causes of attacks, such as exploited vulnerabilities. Tools, such as Sophos Managed Risk, can help companies assess their risk profile and minimize their exposure.
- Ensure all endpoints, including servers, are well-defended with dedicated anti-ransomware protection.
- Have an incident response plan in place and tested for when things go wrong. Have good backups and practice restoring data regularly.
- Companies need around-the-clock monitoring and detection. If they do not have the resources in-house for this, they can work with a trusted MDR provider.
Learn how MDR can neutralize attacks like ransomware in real time by registering for the webinar Behind the Shield: Real-World Stories of Thwarted Ransomware Attacks here.
