Security News

Ransomware Attacks Surged By 37 Percent In 2021: Sophos Survey

Jay Fitzgerald

Ransom payments increased five-fold to an average $812,360 last year, the survey finds. ‘If I were a channel player, I would look at what is going wrong and worry. Some of these organizations clearly don’t understand the threat,’ says a Sophos research scientist.


A new survey by security vendor Sophos shows a dramatic increase last year in ransomware attacks and payments paid by organizations to get their data back.

Adding insult to injury, those who forked over ransom money got back on average only 61 percent of the data they temporarily lost due to the attack, according to Sophos.

In a survey of about 5,600 mid-sized organizations in 31 countries, Sophos found that 66 percent of respondents were hit by ransomware in 2021, up 37 percent compared to the year prior.

[RELATED STORY: Sophos Buys Intel-backed Capsule8 To Bolster Enterprise Linux Systems]

In all, about 46 percent of those who had their data encrypted in a ransomware attack paid a ransom to get their data back, even if some of them had other means of data recovery, such as backups.

In a statement, Chester Wisniewski, principal research scientist at Sophos, noted that companies may be willing to pay a ransom, even if they have other options available, for a number of reasons, such as “Incomplete backups or the desire to prevent stolen data from appearing on a public leak site.”

Meanwhile, ransom payments are getting relentlessly bigger, the survey found. The average ransom paid out last year was $812,360, nearly a five-fold increase from the year prior.

Meanwhile, the number of companies paying out $1 million or more increased by more than three-fold last year, compared to 2020, according to survey data.

Manufacturers are paying out the largest ransoms, on average about $2 million, while health care organizations are paying the least, on average $197,000, according to the survey.

Of those organizations making ransom payments, only 4 percent got all of their encrypted data back, down from 8 percent last year, according to the survey.

On average, those who paid a ransom got back only 61 percent of their encrypted data, the survey found.

“I’d be pretty damn angry if that’s all I got back,” said Wisniewski in an interview with CRN.

Wisniewski said in many instances attackers’ de-encryption tools simply don’t work or have been corrupted, so targets of their attacks can’t recover everything that had been held hostage.

“They really don’t care whether their de-encryption tools work or not,” Wisniewski said of ransomware attackers.

There was some positive news in the survey results: 83 percent of mid-sized organizations said they had cybersecureity insurance that covers them in the event of a ransomware attack. And in 98 percent of incidents, the insurer paid some or all the costs incurred, the survey found.

Wisniewski said the survey data presents a “huge challenge and opportunity” for channel players who are trying to convince their customers to beef up their security against ransomware attacks.

“If I were a channel player, I would look at what is going wrong and worry,” he said. “Some of these organizations clearly don’t understand the threat.”

Rick Smith, founder and CEO of Renactus Technology LLC, a New Jersey-based MSP, said he agreed that channel players are confronted by a huge challenge in dealing with ransomware attacks.

“We have to stay really diligent,” Smith said, noting he’s been “fortunate” that none of his customers has yet to be hit by a ransomware incident. “It’s a case of you doing everything possible and necessary – and you can still get nailed.”

He said much of his job comes down to talking with customers and engaging in customer/employee training on how to avert cybersecurity disasters in general.

Chris Clements, a vice president at Cerberus Sentinel, a managed cybersecurity and compliance company, said 66 percent of respondents saying they got hit by a ransomware attack, as Sophos reports, “sounds high” to him.

But he agreed ransomware attacks are a rapidly growing threat – and he agreed that the average ransom payout is now running at about $800,000.

The bottom line, he said, is that most organizations simply don’t have sufficient protections to thwart a ransomware attack. “It’s generally easy to breach” an organization’s security, Clements said.

He agreed with Smith that it’s essential for channel players to keep the pressure on customers to install adequate security measures. “It’s a communication and education process,” he said.

Learn More: Cybersecurity
Jay Fitzgerald

Jay Fitzgerald is a senior editor covering cybersecurity for CRN. Jay previously freelanced for the Boston Globe, Boston Business Journal, Boston magazine, Banker & Tradesman,, Harvard Business School’s Working Knowledge, the National Bureau of Economic Research and other entities. He can be reached at

Sponsored Post