South African firms paid ransomware attackers an average of R17.9 million

Sophos released its State of Ransomware in South Africa report for 2024, which shows that it is more expensive for companies to recover from ransomware attacks than to pay the extortion demand.

It found that the mean ransom payment made by firms was $958,110 (R17.9 million) compared to the average recovery cost of $1.04 million (R19.44 million). The recovery cost excludes all ransom payments.

This impaired businesses’ ability to recover from these attacks, significantly increasing recovery time.

The report is based on a survey of 330 IT and cybersecurity firms conducted between January and February this year.

South African firms managed to get all their encrypted data back, although 43% of them paid the ransom rather than recovering from backups.

The median ransom amount paid was $152,000 (R2.84 million), significantly less than the R17.9-million mean, indicating that most payments in the dataset were for lower amounts.

The mean is all the ransoms added together and divided by the number of data points, whereas the median is the data point found in the middle of the dataset when ranked in ascending order.

This suggests the highest ransoms paid must have been considerably more than R17.9 million to skew the mean so much.

The report also mentions that 71% of demands were $250,000 (R4.67 million) or less.

Recovering from a ransomware attack is becoming increasingly difficult for South African organisations: 26% of firms took one to six months to recover, while 41% recovered in a week.

Although ransomware payments increased, the number of organisations targeted decreased from 78% last year to 69%. The global average was 59%.

Malicious emails were the most common attack, accounting for 32% of incidents. Compromised credentials were second, at 26%.
