The State of Ransomware in Retail: How Much Ransomware Is Costing the Retail Industry

Ransomware in the Retail Sector in 2025

Sophos study reveals rising ransom demands, new extortion methods, and high levels of psychological stress for IT teams

Ransomware attacks are no longer limited to critical infrastructure or large industrial conglomerates. The retail sector has also been hit hard. According to Sophos’s latest “State of Ransomware in Retail” report, the number of companies paying ransoms has risen significantly. The survey polled 3,400 IT and security professionals from the Americas, the EMEA region, and the Asia-Pacific region.

Vulnerabilities remain the main point of entry

For the third consecutive year, respondents cited exploited vulnerabilities as the most common attack vector: in 46 percent of cases, attackers gained access through unpatched vulnerabilities. Nearly half of the attacks resulted in data encryption, down from 71 percent in 2023, a decline Sophos attributes to improved security measures.

New blackmail methods are on the rise

There has been a significant increase in attacks that do not involve actual encryption. Instead, attackers threaten to publish sensitive data if a ransom is not paid. These “pure extortion attacks” have tripled since 2023 and now affect six percent of retail businesses.

Ransom demands are rising rapidly

The average ransom demand reached 1.71 million euros in 2025—twice as high as in the previous year. The average amount actually paid rose to 856,382 euros. At the same time, the cost of recovery measures that did not involve ransom payments fell to 1.41 million euros, the lowest level in three years.

Mental strain on security teams

In addition to the financial consequences, the study also highlights the psychological impact. Nearly half of the respondents reported feeling intense pressure from management. Forty-three percent said they suffered from anxiety or stress over the possibility of further attacks. Thirty-seven percent reported taking sick leave, and 34 percent felt guilty for not having prevented the attack.

Conclusion: Ransomware requires comprehensive strategies

The results show that the retail sector must address ransomware not only from a technical standpoint but also from an organizational one. Robust vulnerability management, awareness programs, and prepared incident response plans are crucial. ITanic GmbH provides support through security strategies and incident response services to help companies quickly resume operations in the event of an emergency.