
South African organizations are facing a growing ransomware crisis, with demands and recovery costs climbing to record highs.
Sophos’ State of Ransomware in South Africa 2025 report reveals that the median ransom demand has shot up to $1 million (R17.79 million), compared to just $165,000 (R2.94 million) a year ago.
The study surveyed 154 IT and cybersecurity leaders from local organizations that were hit by ransomware. It found that even without paying the ransom, the average cost of recovery now sits at $1.31 million (R23.3 million), up from $1.04 million (R18.5 million) in 2024.
Negotiating Under Pressure
Even though attackers are demanding more, many South African organizations are holding their ground.
The median ransom actually paid was $451,818 (R8.04 million) — nearly triple last year’s figure, but still only about 64% of the initial demand and well below the global average of 85%. Sixty percent of victims managed to negotiate their way to a lower figure.
Why Are Companies Still Vulnerable?
When asked what left them exposed, most pointed to human and technical gaps. Compromised credentials were the most common way attackers got in (34%), followed by exploited vulnerabilities (28%) and malicious emails (22%).
Over half of the respondents admitted they lacked enough cybersecurity expertise, didn’t have strong enough protection, or simply didn’t know where their weaknesses were.
On the bright side, more companies are bouncing back faster. Nearly half — 47% — fully recovered within a week, up from 41% last year.
Recovering Data — But at a Cost
Six in ten attacks resulted in data being encrypted. While that’s still higher than the global average of 50%, it’s an improvement from 76% in 2024.
Almost all organizations (90%) got their data back, but more of them are paying ransoms to do it. Seventy-one percent paid up, compared to just 43% last year, while only 35% relied on backups, which is a sharp drop from 72% previously.
What Organizations Should Do
Sophos recommends four clear steps for organizations that want to strengthen their defenses:
- Fix technical and operational weaknesses before attackers find them.
- Build a solid security foundation with dedicated anti-ransomware tools.
- Invest in round-the-clock threat detection and response.
- Create and regularly test incident response plans, with particular attention to backup systems.