VendorsSophos
Sophos
Cybersecurity reports and statistics published by Sophos
8 categories5 reports
Research Reports
Reports and publications from Sophos
Recent Statistics & Reports
The median ransom payment was $1 million.
6/24/2025•
RansomwareRansom
Companies with over $1 billion in revenue faced a median ransom demand of $5 million.
6/24/2025•
RansomwareRansom
Nearly 50% of companies paid a ransom to recover their data, which is the second highest rate of ransom payment for demands in six years.
6/24/2025•
RansomwareRansom
State and local government reported the highest median ransom payment at $2.5 million.
6/24/2025•
RansomwareRansomGovernment
Data encryption was at a six-year low, with only half of companies having their data encrypted in a ransomware attack.
6/24/2025•
RansomwareData encryption
For the third year in a row, exploited vulnerabilities were identified as the number one technical root cause of ransomware attacks.
6/24/2025•
RansomwareVulnerabilities
The most frequently seen "EDR killer" in 2024 was EDRSandBlast.
4/16/2025•
EDR
The average price of "junk gun" ransomware obtained from an underground marketplace is $375.
4/16/2025•
Ransomware
EDRSandBlast variants were detected in waves of attempted ransomware attacks throughout 2024, including a dramatic peak around the US Thanksgiving holiday in November
4/16/2025•
RansomwareHoliday
Ransomware cases accounted for 70 percent of Sophos Incident Response cases for small business customers in 2024.
4/16/2025•
RansomwareSmall business
Over a third of all incidents involving intrusion into smaller organisations have systems on the network edge as the initial point of compromise.
4/16/2025•
Malicious intrusionSmall businessNetwork edge devices
Ransomware cases accounted for over 90 percent of Sophos Incident Response cases for midsized organisations (from 500 to 5000 employees) in 2024.
4/16/2025•
RansomwareMiddle market
Obsolete and unpatched hardware and software constitute an ever-growing source of security vulnerabilities.
4/16/2025•
VulnerabilitiesObsolote hardwareUnpatched hardware
Use of remote ransomware increased 141 percent since 2022.
4/16/2025•
RansomwareRemote ransomware
The use of remote ransomware increased 50 percent in 2024 over last year, and 141 percent since 2022.
4/16/2025•
RansomwareRemote ransomware
The Veeam vulnerability (CVE-2024-40711) and similar documented vulnerabilities played a role in nearly 15 percent of the cases Sophos MDR tracked involving malicious intrusions in 2024.
4/16/2025•
VulnerabilitiesMalicious intrusion
Most active STAC campaigns tracked by Sophos MDR in 2024 were ransomware-related.
4/16/2025•
Ransomware
Use of remote ransomware increased 50 percent in 2024 over last year.
4/16/2025•
RansomwareRemote ransomware
Compromised network edge devices account for a quarter of the initial compromises of businesses in cases that could be confirmed from telemetry.
4/16/2025•
Network edge devicesSecurity incident
Ransomware and data theft attempts accounted for nearly 30 percent of all Sophos Managed Detection and Response (MDR) tracked incidents (in which malicious activity of any sort was detected) for small and midsized businesses.
4/16/2025•
RansomwareData theft
Showing 41-60 of 60 results