Nearly half of companies say they pay up ransomware demands – but here’s why that could be a bad idea

- Sophos surveyed organizations that have suffered ransomware attacks
- On average, victims paid 85% of the amount demanded
- The average demand has fallen to $1.3 million so far this year
New research from Sophos has found that ransomware attacks are more prolific than ever, that more and more companies are being hit with demands, and that organizations pay an average of 85% of the ransom asked.
The median ransom demand fell from $2 million in 2024 to $1.3 million in 2025. About half (53%) of those who paid handed over more than half of the initial demand, and, worryingly, 18% paid more than was initially requested; UK organizations paid 103% of the demand on average.
Ransomware attacks have recently reached new heights and are costlier than ever, not only in payments but also in lost data, downtime and regulatory fines: the Sophos survey found an average of $1.83 million in recovery costs for companies with between 100 and 5,000 employees.
Risk data
A little less than half (49%) of the organizations surveyed chose to pay the ransom, a slight decrease from 56% in 2024.
This is despite some governments implementing bans on ransomware payments, which prohibit public sector organizations from handing money to ransom gangs, with private organizations urged to do the same.
In a ransomware attack the criminals' main objective is the data, and the survey found that data encryption is at its lowest level in six years, with 50% of attacks resulting in data encryption compared to 70% in 2024.
If criminals get hold of your data and encrypt it, they can effectively hold your systems hostage and seriously disrupt your operations, so the less encryption, the better.
It is not all bad news, however: 97% of organizations whose data was encrypted were able to recover it.
The most common initial technical root cause of attacks was exploited vulnerabilities (32%), followed by compromised credentials (30%) and malicious emails (23%).
Unfortunately, a lack of expertise was the most common operational cause, cited by 40% of respondents, alongside unknown security gaps (40%) and a lack of the required cybersecurity products or expertise (39%). This shows that organizations are fundamentally underprepared for the ever-increasing threat of ransomware.
“For many organizations, the chance of being compromised by ransomware actors is simply part of doing business in 2025. The good news is that, thanks to this heightened awareness, many companies are putting resources into limiting the damage.
“Of course, ransomware can still be ‘healed’ by tackling the root causes of attacks: exploited vulnerabilities, a lack of visibility into the attack surface, and too few resources. We see more companies recognizing that they need help and turning to managed detection and response (MDR) for their defense. MDR Coupled Angléd Angled Way to prevent multifactor ransituents.