Ransomware recovery costs for critical infrastructure quadruple to $3 million

The energy and water sectors are prime targets for cybercriminals due to their critical nature.


The cost of recovering from a ransomware attack in the energy and water sectors has quadrupled to $3 million, researchers at Sophos found, four times the global cross-sector median. The median ransom payment in these sectors also rose to more than $2.5 million in 2024, roughly $500,000 more than in other sectors.

Sophos also reports that 49% of ransomware attacks on the energy and water sectors began with an exploited vulnerability. The findings are based on a survey of 5,000 cybersecurity and IT leaders across 14 countries and 15 industry sectors. Energy and water reported the second-highest rate of ransomware incidents of any sector, with 67% of organisations reporting an incident in 2024.

Chester Wisniewski, chief technical officer at Sophos, said: ‘Criminals focus on areas where they can cause the most pain and disruption so that the public will demand quick solutions and, they hope, ransom payments to restore services as soon as possible’. He added: ‘This makes utilities prime targets for ransomware attacks. Because of the essential functions they provide, modern society demands they recover quickly and with minimal disruption.’

Recovery has also slowed. Only 20% of energy and water organisations recovered within a week in 2024, down from 41% in 2023 and 50% in 2022. More than half took over a month to recover, up from 36% a year earlier, compared with 35% of companies across all sectors.

Wisniewski concluded: ‘This once again shows that paying ransom almost always works against our best interests.’