The annual Sophos report The State of Ransomware, which has just published its sixth edition, highlights that Spanish companies and organizations are better prepared to respond to ransomware attacks: they have reduced recovery costs and improved response times, both year over year and relative to the global figures. In fact, 49% of companies attacked by ransomware recovered completely in a week, a notable increase with respect to 27% of last year.
The study, conducted by Sophos from a survey of 3,400 IT and cybersecurity leaders in 17 countries, including Spain with 237 respondents, analyzes how organizations respond to ransomware. It establishes that the average recovery cost, not including the ransom payment, was reduced by 66% in Spain to 1.15 million dollars. Only 24% of Spanish companies needed one month to recover, compared to 45% the previous year.
Vulnerability exploitation was the most common technical cause of attacks, in 30% of cases. Compromised credentials were at the origin of another 21% of attacks, and malicious emails of 17%.
Among operational causes, the most common is a known security gap, in 42% of cases in Spain. 41% were due to a lack of personnel, and 39% each to a lack of experience and to an unknown security gap.
47% of the attacks led to data encryption, a remarkable decrease compared to 2024, when it was the consequence in 89% of ransomware attacks. There has, however, been a slight increase in the percentage of attacks with encryption in which data was also stolen: 36%, compared to 34% in 2024.
All Spanish organizations that suffered encryption were able to recover their data. 36% paid the ransom, compared to 56% in 2024, and 70% used backups to recover encrypted data (64%, successfully). The average ransom demand in Spain in 2024 was 4.24 million dollars, a remarkable increase compared to $911,600 in 2023. Average payments in 2024, however, stood at $322,500, compared to 4.4 million dollars in 2023.
Excluding ransom payments, the average cost to recover from a ransomware attack in 2024 for Spanish companies was 1.15 million dollars, far less than half the 2023 figure of 3.43 million dollars. This includes downtime, personnel time, device cost and lost opportunities.
In Spanish organizations where data was encrypted, 36% report a sustained increase in workload. In addition, 33% of professionals in Spain suffered greater anxiety about future attacks, and 25% have reported absences or leave taken by a team member.
Álvaro Fernández, Sales Director at Sophos Iberia, pointed out that «This year's data show that Spanish companies are improving their capacity for response and recovery against ransomware, even above the global average. However, the fact that almost four out of ten Spanish organizations continue paying ransoms indicates that there is still much to do. The lack of specialized professionals and experience can be successfully made up for by collaborating with managed service providers».
Chester Wisniewski, a director at Sophos, pointed out that «many companies are equipping themselves with resources to limit ransomware damage, including the hiring of incident response personnel to reduce ransom payments, accelerate recovery and even stop ongoing attacks. Of course, ransomware can still be 'cured' by addressing the root causes of attacks: exploited vulnerabilities, lack of visibility and shortage of resources. More and more companies recognize that they need help and opt for managed detection and response (MDR) services for their defense, which, combined with proactive security strategies such as multifactor authentication and the application of patches, can greatly help prevent ransomware».