
A new report from cybersecurity firm Sophos reveals that nearly 50 percent of businesses targeted by ransomware attacks in the past year opted to pay the ransom, with a median payment of $1 million.
The findings, published in Sophos’ State of Ransomware 2025 report, are based on a survey of 3,400 IT and cybersecurity leaders across 17 countries. While nearly half of the companies surveyed paid the ransom to recover their data, 53 percent of those managed to negotiate a lower amount than initially demanded. In 71 percent of those cases, negotiations were carried out either internally or with the help of a third party.
Although the median ransom demand fell by one-third from 2024 to 2025, the median payment dropped by 50 percent, suggesting improved outcomes for affected companies. Sophos noted that the size and revenue of an organization significantly influenced the ransom amount. Large enterprises with revenues exceeding $1 billion faced median demands of $5 million, while smaller firms with revenues under $250 million typically received demands below $350,000.
The report also highlighted broader cybersecurity challenges. Exploited vulnerabilities remained the top technical cause of ransomware attacks for the third consecutive year. Additionally, 40 percent of victims said attackers exploited unknown security gaps. Resource shortages contributed to the vulnerability of many companies, with lack of expertise being the leading factor for large organizations and lack of staff capacity affecting smaller ones.
“For many organizations, the chance of being compromised by ransomware actors is just a part of doing business in 2025,” said Chester Wisniewski, director and field CISO at Sophos. “The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage.”
Some progress was noted in containment and recovery. Forty-four percent of companies stopped ransomware attacks before data encryption, a six-year high. Only half reported encrypted data, the lowest rate in six years. More companies also recovered faster — 53 percent within a week, up from 35 percent the previous year.
Ransom payments and recovery costs declined overall, with average recovery costs falling from $2.73 million in 2024 to $1.53 million in 2025. Industry-specific variations persisted, with state and local governments paying a median of $2.5 million, while the healthcare sector paid the least at $150,000.
Sophos advised companies to adopt proactive defense strategies, including vulnerability management, endpoint protection, incident response planning, and the use of managed detection and response (MDR) services to bolster resilience against ransomware.
The survey was conducted between January and March 2025, focusing on organizations that had experienced ransomware attacks in the previous 12 months. Additional industry-specific findings are expected to be released by Sophos later this year.

