By Chinenye Anuforo
A new report from the cybersecurity firm Sophos indicates that a significant number of businesses are choosing to pay ransoms following cyberattacks, with nearly 50% of companies opting to retrieve their data through payment.
The sixth annual State of Ransomware report, released yesterday by Sophos, highlighted the ongoing struggle businesses face against evolving cyber threats, even as they show increasing success in negotiating down initial demands.
The survey, which polled IT and cybersecurity leaders across 17 countries, found that while the median ransom payment stands at $1 million, over half (53%) of affected companies successfully negotiated a lower amount than the initial demand. “For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025,” stated Chester Wisniewski, director, field CISO, Sophos. “The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage.”
The report revealed a notable shift in negotiation tactics, with 71% of companies that paid less doing so through direct or third-party negotiations. This has led to a 50% drop in median ransom payments, from $2 million in 2024 to $1 million in 2025, despite the median ransom demand only dropping by a third.
Exploited vulnerabilities remain the leading technical cause of attacks for the third consecutive year. A staggering 40% of ransomware victims reported that adversaries exploited security gaps they were unaware of, underscoring the persistent challenge organizations face in understanding and securing their entire attack surface. Operational issues also play a significant role, with 63% of organizations citing resourcing problems, including a lack of expertise or capacity, as a contributing factor to their vulnerability.
Despite the high rate of payment, there are signs of progress in the fight against ransomware. The report noted that 44% of companies successfully stopped attacks before data encryption, a six-year high, and that data encryption itself hit a six-year low, affecting only half of victimized companies. Recovery times are also improving, with over half (53%) of organizations fully recovering within a week, a significant jump from 35% last year.
“Of course, ransomware can still be ‘cured’ by tackling the root causes of attacks: exploited vulnerabilities, lack of visibility into the attack surface, and too few resources,” Wisniewski added. “We are seeing more companies recognize they need help and moving to Managed Detection and Response (MDR) services for defense. MDR coupled with proactive security strategies, such as multifactor authentication and patching, can go a long way in preventing ransomware from the start.”
The cost of recovery has also seen a positive decline, dropping from $2.73 million in 2024 to $1.53 million in 2025. While the median ransom payment was $1 million overall, it varied by organization size, with companies earning over $1 billion in revenue facing median demands of $5 million, compared to less than $350,000 for organizations with $250 million or less in revenue. Industry-wise, state and local governments reported the highest median payments ($2.5 million), while healthcare saw the lowest ($150,000).
Sophos recommended a multi-pronged approach to bolster defenses, including eliminating common root causes like exploited vulnerabilities, ensuring robust endpoint protection, having a tested incident response plan, regular data backup and restoration practice, and implementing 24/7 monitoring through in-house teams or trusted MDR providers.
The data for the State of Ransomware 2025 report was compiled from a vendor-agnostic survey conducted between January and March 2025, involving 3,400 IT and cybersecurity leaders from organizations across 17 countries that experienced ransomware attacks in the past year.