infotechlead

Ransomware report for critical infrastructure: Sophos

Cybersecurity solutions leader Sophos has unveiled its State of Ransomware in Critical Infrastructure in 2024 report, offering insights into the ransomware experiences of 275 IT and cybersecurity leaders from the energy, oil/gas, and utilities sectors.

This Sophos study, which focuses on a vital segment of critical infrastructure, examines the entire victim journey, including attack rates, root causes, operational impacts, and business outcomes.

Key Findings:

Steady Attack and Recovery Rates:

In 2024, 67 percent of organizations in the energy, oil/gas, and utilities sectors were hit by ransomware, the same rate as in 2023.

98 percent of these organizations reported that cybercriminals attempted to compromise their backups during attacks, with 79 percent of these attempts being successful, the highest rate across all sectors.

Data encryption occurred in 80 percent of ransomware attacks, consistent with the 79 percent reported in 2023 and higher than the 2024 cross-sector average of 70 percent.

Recovery Costs and Device Impact:

The average cost to recover from a ransomware attack in these sectors was $3.12 million in 2024, similar to the $3.17 million reported in 2023.

On average, 62 percent of computers were impacted by a ransomware attack, significantly above the cross-sector average of 49 percent.

Approximately 17 percent of organizations in these sectors reported that 91 percent or more of their devices were impacted during an attack.

Data Recovery Trends:

61 percent of organizations paid the ransom to recover encrypted data, while only 51 percent used backups, marking the first time this sector reported a higher propensity to pay ransoms than to use backups.

The use of multiple methods to recover data, such as paying the ransom and using backups, increased to 35 percent from 26 percent in 2023.

Ransom Payment Insights:

The median ransom payment was $2.5 million in 2024.

48 percent of respondents paid the original ransom amount demanded, while 26 percent paid less, and 27 percent paid more.

The energy, oil/gas, and utilities sectors showed the highest propensity to pay the original ransom amount and the second lowest propensity to pay less than the initial demand.

Survey Methodology: The report is based on an independent, vendor-agnostic survey commissioned by Sophos and conducted by research specialist Vanson Bourne. The survey included 5,000 IT and cybersecurity leaders from organizations with 100 to 5,000 employees across 14 countries in the Americas, EMEA, and Asia Pacific. The findings are based on the participants’ experiences over the previous year.
