Mean and median ransomware payments by organizations in critical national infrastructure sectors reached $3.225 million and $2.54 million this year, respectively, representing a sixfold and 41-fold increase over the past year, with the highest payments recorded among lower education and federal government entities, The Register reports.
Meanwhile, median ransomware recovery costs per incident reached $3 million, a fourfold increase from last year, with the largest increases observed among entities in the energy and water industries, which were the second most targeted sectors, according to a Sophos report.
The report also showed that fewer organizations have been able to recover systems in a week or less due to increasingly complex attacks.
"This once again shows that paying ransom payments almost always works against our best interests. An increasing number (61 percent) paid the ransom as part of their recovery, yet the amount of time it took to recover was extended. Not only do these high rates and amounts of ransoms encourage more attacks on the sector, but they are not achieving the claimed goal of shorter recovery times," said Sophos Global Field Chief Technology Officer Chester Wisniewski.