Attack rates have gone down, but recovery is more expensive<\/strong><\/h2>\nState and local government organizations reported the lowest rate of attacks of all sectors surveyed in 2024. 34% of state and local government organizations were hit by ransomware in 2024, a 51% reduction in the attack rate reported in 2023 (69%).<\/p>\n
![\"Attack](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/08\/image1.png\")
<\/p>\n
Almost all (99%) state and local government organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack. Of the attempts, just over half (51%) were successful \u2013 one of the lowest rates of backup compromise across sectors.<\/p>\n
98% of ransomware attacks on state and local government organizations resulted in data encryption, a considerable increase from the 76% encryption rate reported in 2023. This is the highest rate of data encryption of all sectors studied in 2024.<\/p>\n
The mean cost in state and local government organizations to recover from a ransomware attack was $2.83M in 2024, more than double the $1.21M reported in 2023.<\/p>\n
Devices impacted in a ransomware attack<\/strong><\/h2>\nOn average, 56% of computers in state and local government organizations were impacted by a ransomware attack, above the cross-sector average of 49%. Having the full environment encrypted is extremely rare, with only 8% of organizations reporting that 81% or more of their devices were impacted.<\/p>\n
![\"Device](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/08\/image2.png\")
<\/p>\n
The propensity to pay the ransom has increased<\/strong><\/h2>\n78% of state and local government organizations restored encrypted data using backups, the second highest rate of backup use reported (tied with\u00a0higher education<\/em>). 54% paid the ransom to get data back. In comparison, globally, 68% used backups and 56% paid the ransom.<\/p>\nThe three-year view of state and local government organizations reveals a steady rise in both the use of backups and the sector\u2019s propensity to pay the ransom.<\/p>\n
![\"Ransom](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/08\/image3.png\")
<\/p>\n
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year\u2019s study, 44% of state and local government organizations that had data encrypted reported using more than one method, four times the rate reported in 2023 (11%).<\/p>\n
Victims rarely pay the initial ransom sum demanded<\/strong><\/h2>\n49 state and local government respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2.2M in 2024.<\/p>\n
Only 20% paid the initial ransom demand. 35% paid less than the original demand, while 45% paid more. On average, across all state and local government respondents, organizations paid 104% of the initial ransom demanded by adversaries.<\/p>\n
![\"Ransom](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/08\/image4.png\")
<\/p>\n
<\/p>\nOn average, 56% of computers in state and local government organizations were impacted by a ransomware attack, above the cross-sector average of 49%. Having the full environment encrypted is extremely rare, with only 8% of organizations reporting that 81% or more of their devices were impacted.<\/p>\n
<\/p>\n
The propensity to pay the ransom has increased<\/strong><\/h2>\n78% of state and local government organizations restored encrypted data using backups, the second highest rate of backup use reported (tied with\u00a0higher education<\/em>). 54% paid the ransom to get data back. In comparison, globally, 68% used backups and 56% paid the ransom.<\/p>\nThe three-year view of state and local government organizations reveals a steady rise in both the use of backups and the sector\u2019s propensity to pay the ransom.<\/p>\n
<\/p>\n
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year\u2019s study, 44% of state and local government organizations that had data encrypted reported using more than one method, four times the rate reported in 2023 (11%).<\/p>\n
Victims rarely pay the initial ransom sum demanded<\/strong><\/h2>\n49 state and local government respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2.2M in 2024.<\/p>\n
Only 20% paid the initial ransom demand. 35% paid less than the original demand, while 45% paid more. On average, across all state and local government respondents, organizations paid 104% of the initial ransom demanded by adversaries.<\/p>\n
<\/p>\n
The three-year view of state and local government organizations reveals a steady rise in both the use of backups and the sector\u2019s propensity to pay the ransom.<\/p>\n
<\/p>\n
A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year\u2019s study, 44% of state and local government organizations that had data encrypted reported using more than one method, four times the rate reported in 2023 (11%).<\/p>\n
Victims rarely pay the initial ransom sum demanded<\/strong><\/h2>\n49 state and local government respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2.2M in 2024.<\/p>\n
Only 20% paid the initial ransom demand. 35% paid less than the original demand, while 45% paid more. On average, across all state and local government respondents, organizations paid 104% of the initial ransom demanded by adversaries.<\/p>\n
<\/p>\n
<\/p>\n