
Sophos: 76% of Ransomware Attacks Effectively Encrypt Data


By Esme Greene

Jul 17, 2023

These CEOs represented firms from 14 different countries, with staff members ranging from 100 to 5000 and revenue ranging from less than $10 million to more than $5 billion. Here are some troubling facts from the study.

Significant Observations

In the last year, 76% of those affected by ransomware had their data effectively encrypted by cybercriminals.

Educational institutions were the most vulnerable to malware crimes. Ransomware affected 79% of higher education institutions and 80% of lower education organizations.

Exploited vulnerabilities were the primary root cause of ransomware attacks, while 29% reported compromised credentials as the root cause.

Email was responsible for around 30% of attacks, with 18% beginning with a malicious email and 13% beginning with phishing.

55% of attacks in the media, leisure, and entertainment industry were triggered by exploited vulnerabilities, exposing major security shortcomings.

Attack Recovery Stats

Companies that paid a ransom to decrypt their data had greater recovery expenses than those that used backups. The typical recovery cost for firms that paid the ransom was $750,000, whereas backup-reliant firms spent $375,000.

Only 39% of firms that paid the ransom were able to get back online within a week, while 45% of those that relied on backups were able to do so. Separately, the attackers also stole the data in 30% of the cases where data was encrypted, demonstrating an increasing trend of combining data encryption with exfiltration tactics.

Who Did and Who Did Not Pay?

In general, 46% of firms with encrypted data chose to pay the ransom. In particular, bigger enterprises were more inclined to pay, with more than half of companies with more than $500 million in sales opting to pay the ransom. Organizations with more than $5 billion in sales had the highest payment rate.

Crucial Information

41% of breaches originated from compromised credentials in the central and federal government sectors, presumably indicating a greater rate of credential theft or challenges in preventing the exploitation of stolen credentials.

In contrast, the IT, technology, and telecommunications industry had the lowest percentages of exploited vulnerabilities (22%) and compromised credentials (22%), indicating strong security measures. Yet email-based attacks were common in this industry, with 51% coming from users’ inboxes.


As attackers improve their TTPs, defenders struggle to catch up, resulting in an increase in encryption rates. The dramatic drop in the use of backups for recovering encrypted data is grounds for serious concern. Furthermore, companies should protect against the most prevalent methods of attack and practice basic security maintenance.
