Negotiating Ransom Amounts with Cybercriminals Becomes More Common Among Infected Individuals
In a recent report, Sophos' State of Ransomware 2025, companies' strategies for managing ransomware attacks have come under the spotlight. The findings reveal a more pragmatic and efficient approach to these cyber threats.
One of the key strategies is the negotiation of ransom demands. In 71% of cases where companies paid less than the initial demand, they did so through negotiation, often involving third-party assistance. This negotiation process has led to a significant reduction in median ransom payments, with a 50% decrease from 2024 to 2025.
Another notable trend is the increasing ability of companies to stop attacks in progress. In 2025, 44% of companies were able to halt ransomware attacks before data encryption occurred, a six-year high. The recovery process is also becoming faster, with 53% of organizations fully recovering within a week, up from 35% in the previous year.
Backup use remains a critical component in recovery strategies, although only 54% of companies used backups to restore their data, the lowest percentage in six years.
The report also emphasizes the importance of addressing operational shortcomings. A lack of expertise is the top operational cause in organizations with more than 3,000 people, while a lack of people or capacity is most frequently cited by those with between 251 and 500 employees. Exploited vulnerabilities remain the number one technical root cause of ransomware attacks, with 40% of victims admitting that adversaries took advantage of a security gap they weren't aware of.
The average cost of recovery dropped from $2.73 million in 2024 to $1.53 million in 2025, with only 18% of companies taking more than a month to recover, down from 34% in 2024. However, nearly two-thirds (63%) of organizations blame resourcing issues as a major reason they fell victim to the attack.
Chester Wisniewski, director, field CISO at Sophos, stated that the threat of ransomware attacks is now "just a part of doing business" for many organizations. State and local government organizations paid the highest median ransom amount of $2.5 million, while healthcare organizations reported the lowest at $150,000. Despite the lower median ransom demand, 28% of ransomware victims paid more than the initial ransom, primarily due to extra demands from the hackers.
In conclusion, companies are focusing on preventive measures, negotiation strategies, and more efficient recovery techniques to mitigate the impact of ransomware attacks. The report serves as a valuable resource for organizations seeking to improve their ransomware resilience and response strategies.
- Businesses are increasingly investing in cybersecurity solutions to strengthen their defenses against ransomware, treating such attacks as just a part of doing business in the current technological landscape.
- With a growing emphasis on financial prudence and efficiency, negotiating ransom demands with third-party assistance has become a practical approach for companies, leading to a notable decrease in median ransom payments.