HALF of businesses that came under ransomware attacks paid an average of $1 million in ransom, a survey by cybersecurity firm Sophos has revealed.
Ransomware is malware that prevents companies from accessing computer files, systems or networks, and demands a payment for their return.
“When hackers gain access to a network, it takes less than four days to deploy ransomware,” technology firm IBM said. “This speed gives organizations little time to detect and thwart potential attacks.”
Ransomware attacks can lead to costly disruptions to operations and loss of critical data.
In its Cost of a Data Breach report, IBM put the average cost of a ransomware breach in 2023 at $5.68 million, and this does not include ransom payments.
While nearly half of the companies paid the ransom to recover their data, 53 percent were able to negotiate an amount lower than initially demanded, Sophos said in its State of Ransomware 2025 survey of 3,400 information technology and cybersecurity leaders across 17 countries.
The willingness to pay ransom reflects a failure by many businesses to protect encrypted data against cyberattacks.
Many organizations have come to acknowledge the chance of being compromised by ransomware criminals as just a part of doing business, Sophos said.
Among the tempting targets — because they could be more likely to pay a ransom — are government agencies or health care facilities that often need immediate access to their files, and law firms and other offices with sensitive data.
Ransomware developers have become so sophisticated that they now run their operations like a corporate enterprise.
Some of them have also formed partnerships with other players in the dark web. They share their malware code with cybercriminals through ransomware as a service (RaaS) arrangements, IBM said.
“The cybercriminal, or ‘affiliate,’ uses the code to carry out an attack and splits the ransom payment with the developer. It’s a mutually beneficial relationship. Affiliates can profit from extortion without having to develop their own malware, and developers can increase their profits without launching more cyberattacks,” the company said.
The ransom demanded depends on the victim’s paying capacity. Sophos said corporations with revenues exceeding $1 billion were asked for an average of $5 million, while smaller firms with revenues under $250 million typically received demands below $350,000.
Searchlight Cyber, an international agency that identifies, tracks and prevents cyberthreats, said there were 73 active ransomware groups in 2024 compared to 46 groups last year — a 56-percent increase.
Recent crackdowns on large RaaS gangs helped bring down ransomware attacks, but cybersecurity experts are not ruling out a resurgence.
“What we observe right now is a more fragmented ransomware ecosystem. … When large RaaS groups are disrupted, we typically see a number of smaller copycat groups emerging,” one expert said.
There is some good news. Because of increased awareness of the threat of ransomware, “many companies are arming themselves with resources to limit damage,” Sophos said.
In the Philippines, more companies are going online to keep pace with the digital transformation. Many of them, however, do not have an adequate cybersecurity system, making them easy prey for malware developers.
Fabio Fratucello, field chief technology officer at cybersecurity company CrowdStrike, told Manila Times columnist Noemi Lardizabal-Dado that “today’s adversaries no longer break in — they log in.”
Fratucello was referring to the use of stolen credentials to access corporate data systems. “Once inside, they operate as legitimate users, bypassing conventional security controls and moving laterally across endpoints, identities and cloud environments,” he said.
Cybercriminals are also turning to artificial intelligence (AI) to hone their expertise. Fratucello said there was a 442-percent increase in vishing (voice phishing) attacks between the first and second half of 2024. “And it’s not just humans behind the messages anymore. Generative AI is being used to craft phishing emails that are more convincing and harder to spot…”
Fratucello stressed the need for “continuous, real-world-aligned cybersecurity education” and for harnessing AI to detect and stop attacks.
“Philippine businesses need to shift their mindset,” he said. “Cybersecurity is not a technical issue anymore. It is a business imperative.”
Until that mindset is achieved, organizations run the risk of critical information being held hostage.