In its annual State of Ransomware report, Sophos revealed that while nearly 50% of organizations paid a ransom in the past year—the second-highest rate in six years—over half managed to settle for less than the hackers’ initial demand. In 71% of these cases, firms either negotiated directly or leveraged third-party experts to cut down the price.

Chester Wisniewski, Field CISO at Sophos, emphasized that ransomware threats have become a routine part of business risk. However, he noted a shift in how victims respond. “With greater awareness, companies are increasingly hiring incident responders who not only minimize ransom costs but also accelerate recovery and sometimes even halt attacks midstream,” Wisniewski stated.

The report highlighted a 33% drop in median ransom demands between 2024 and 2025, while the actual amount paid halved to $1 million. Yet, not all negotiations favor the victims—28% of organizations ended up paying more than originally asked, often due to delayed responses, lack of backups, or hackers pressing for higher demands.

Ransom costs also varied across sectors. State and local governments faced the highest median payouts at $2.5 million, while healthcare organizations paid as little as $150,000. Larger companies, especially those with over $1 billion in revenue, encountered steeper demands—typically around $5 million—compared to smaller firms, which saw demands under $350,000.

Sophos identified exploited vulnerabilities as the leading technical cause of attacks for the third consecutive year. Alarmingly, 40% of victims admitted the breach stemmed from security gaps they hadn’t even known existed. Staffing issues were also widespread—63% of companies cited limited resources as a critical weakness, with larger firms blaming lack of expertise, while mid-sized organizations pointed to insufficient capacity.

Despite these challenges, recovery is improving. Nearly 44% of organizations intercepted attacks before data encryption—a record high—while just half experienced encrypted data, the lowest in six years. Even though only 54% restored their data from backups, overall recovery costs plummeted from $2.73 million in 2024 to $1.53 million in 2025.

Most notably, 53% of companies now recover from ransomware attacks within a week, a sharp rise from 35% the previous year. Only 18% needed over a month, down from 34% in 2024—a promising sign of growing preparedness and resilience across industries.


News Source: ITPro.com