GRTech
71% of Nigerian Organizations Hit by Ransomware – Sophos’ Annual “State of Ransomware 2022”
Sophos report shows 44% of Nigerian Organizations that had Data Encrypted in a Ransomware Attack Paid the Ransom
Sophos, a global leader in next-generation cybersecurity, has released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022.
The report shows that 71% of Nigerian organizations surveyed were hit with ransomware in 2021, up from 22% in 2020. Forty-four percent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
“The survey shows that, globally, the proportion of victims paying the ransom continues to increase, even when they may have other options available,” said Chester Wisniewski, principal research scientist at Sophos. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible”.
Continuing, Wisniewski said, “Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”
Key Findings
The main findings of the State of Ransomware 2022 global survey from the Nigerian respondents, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:
- More victims are paying the ransom – In 2021, 44% of organizations that had data encrypted in a ransomware attack paid the ransom
- The impact of a ransomware attack can be immense –The average cost to recover from the most recent ransomware attack in 2021 was US$3.43 million. It took on average one month to recover from the damage and disruption. Ninety-seven percent of organizations said the attack had impacted their ability to operate, and 96% of the victims said they had lost business and/or revenue because of the attack
- Many organizations rely on cyber insurance to help them recover from a ransomware attack – 81% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 97% of incidents, the insurer paid some or all the costs incurred
- Ninety-one percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection
“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”
Sophos recommends the following best practices to help defend against ransomware and related cyberattacks
- Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
- Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
- Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose
- Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated
- Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption
Read The State of Ransomware 2022 report for the full global findings and data by sector.
GRTech
Sophos Releases State of Ransomware in Education report
97% Data Recovery in Schools Shows Progress against Ransomware, But IT Burnout Grows – Sophos
Sophos, a global leader and innovator of advanced security solutions for defeating cyberattacks, has released its fifth annual Sophos State of Ransomware in Education report.
Sophos, a global leader and innovator of advanced security solutions for defeating cyberattacks, has released its fifth annual Sophos State of Ransomware in Education report.
The global study of 441 IT and cybersecurity leaders shows the education sector is making measurable progress in defending against ransomware, with fewer ransom payments, dramatically reduced costs, and faster recovery rates.
Yet, these gains are accompanied by mounting pressures on IT teams, who report widespread stress, burnout, and career disruptions following attacks – nearly 40% of respondents reported dealing with anxiety.
Over the past five years, ransomware has emerged as one of the most pressing threats to education, with attacks becoming a daily occurrence. Primary and secondary institutions are seen by cybercriminals as “soft targets”, often underfunded, understaffed, and holding highly sensitive data.
The consequences are severe: disrupted learning, strained budgets, and growing fears over student and staff privacy. Without stronger defenses, schools risk not only losing vital resources but also the trust of the communities they serve.
Indicators of Success against Ransomware
The new Sophos study demonstrates that the education sector is getting better at reacting and responding to ransomware, forcing cybercriminals to evolve their approach.
Trending data from the Sophos study reveals an increase in attacks where adversaries attempt to extort money without encrypting data.
Unfortunately, paying the ransom remains part of the solution for about half of all victims.
However, the payment values are dropping significantly, and for those who have experienced data encryption in ransomware attacks, 97% were able to recover data in some way. The study found several key indicators of success against ransomware in education:
• Stopping More Attacks: When it comes to blocking attacks before files can be encrypted, both lower and higher education institutions reported their highest success rate in four years (67% and 38% of attacks, respectively)
• Following the Money: In the last year, ransom demands fell 73% (an average drop of $2.83M), while average payments dropped from $6M to $800K in lower education and from $4M to $463K in higher education.
• Plummeting Cost of Recovery: Outside of ransom payments, average recovery costs dropped 77% in higher education and 39% in lower education. Despite this success, lower education reported the highest recovery bill across all industries surveyed.
Gaps Still Need to be Addressed
While the education sector has made progress in limiting the impact of ransomware, serious gaps remain. In the Sophos study, 64% of victims reported missing or ineffective protection solutions; 66% cited a lack of people (either expertise or capacity) to stop attacks; and 67% admitted to having security gaps. These risks highlight the critical need for schools to focus on prevention, as cybercriminals develop new techniques, including AI-powered attacks.
Highlights from the study that shed light on the gaps that still need to be addressed include:
• AI-powered threats: Lower education institutions reported that 22% of ransomware attacks had origins in phishing. With AI enabling more convincing emails, voice scams, and even deepfakes, schools risk becoming test grounds for emerging tactics.
• High-value data: Higher education institutions, custodians of AI research and large language model datasets, remain a prime target, with exploited vulnerabilities (35%) and security gaps the provider was not aware of (45%) as leading weaknesses that were exploited by adversaries.
• Human toll: Every institution with encrypted data reported impacts on IT staff. Over one in four staff members took leave after an attack, nearly 40% reported heightened stress, and more than one-third felt guilt they could not prevent the breach.
“Ransomware attacks on schools are among the most disruptive and brazen crimes,” said Alexandra Rose, Director, CTU Threat Research, Sophos. “It’s encouraging to see schools getting better at responding and recovering, but the real opportunity is to stop attacks before they start. Prevention, backed by strong incident response planning and collaboration with trusted public and private partners, is essential as adversaries adopt new tactics, including AI-driven threats.”
Holding on to the Gains
Based on its work protecting thousands of educational institutions, Sophos experts recommend several steps to maintain momentum and prepare for evolving threats:
• Focus on Prevention: The dramatic success of lower education in stopping ransomware attacks before encryption offers a blueprint for broader public sector organizations. Organizations need to couple their detection and response efforts with preventing attacks before they compromise the organization.
• Secure Funding: Explore new avenues such as the U.S. Federal Communications Commission’s E-Rate subsidies to strengthen networks and firewalls, and the UK’s National Cyber Security Centre initiatives, including its free cyber defence service for schools, to boost overall protection. These resources help schools both prevent and withstand attacks.
• Unify Strategies: Educational institutions should adopt coordinated approaches across sprawling IT estates to close visibility gaps and reduce risks before adversaries can exploit them.
• Relieve Staff Burden: Ransomware takes a heavy toll on IT teams. Schools can reduce pressure and extend their capabilities by partnering with trusted providers for managed detection and response (MDR) and other around-the-clock expertise.
• Strengthen Response: Even with stronger prevention, schools must be prepared to respond when incidents occur. They can recover more quickly by building robust incident response plans, running simulations to prepare for real-world scenarios, and enhancing readiness with 24/7/365 services like MDR.
Data for the State of Ransomware in Education 2025 report comes from a vendor-agnostic survey of 441 IT and cybersecurity leaders – 243 from lower education and 198 from higher education institutions hit by ransomware in the past year.
The organizations surveyed ranged from 100 – 5,000 employees and across 17 countries.
The survey was conducted between January and March 2025, and respondents were asked about their experience of ransomware over the previous 12 months.
Download the State of Ransomware in Education 2025 report on Sophos.com.
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today announced that Sophos Endpoint is now natively integrated and automatically included in all Taegis Extended Detection and Response (XDR) and Taegis Managed Detection and Response (MDR) subscriptions.
This milestone gives customers immediate access to combined prevention, detection, and response capabilities in a single platform, while lowering costs and simplifying operations.
The integration follows Sophos’ acquisition of Secureworks in February 2025 and represents a major milestone in combining the companies’ strengths to help customers defeat cyberattacks with a higher ROI.
Endpoint protection remains one of the most critical layers of defense against today’s cyberthreats, delivering both frontline prevention and vital telemetry for detection and response.
With Sophos Endpoint included in all new and existing Taegis XDR and MDR subscriptions, customers can benefit from unmatched ransomware defenses and adversary mitigation capabilities that automatically deploy in the event of an attack.
The integration enables organizations to strengthen protection while lowering licensing costs, reduce management overhead through native integration, and accelerate threat mitigation with expanded response actions.
Taegis remains a fully open platform, ensuring customers continue to receive full value from their existing cybersecurity investments and maintain the freedom to use the endpoint protection solution of their choice.
This ensures that customers maximize ROI while allowing room in their budget for other cybersecurity priorities.
“Integrating Sophos Endpoint with Taegis delivers a best-in-class unified protection, detection, investigation, and response platform – while also reducing customer costs,” said Raja Patel, chief product officer at Sophos. “Too many organizations still treat endpoint protection like a commodity, and that’s exactly the mistake attackers are counting on. The reality is, not all endpoint products are built to stop today’s hands-on-keyboard attacks. Sophos Endpoint’s prevention-first capabilities, like CryptoGuard anti-ransomware protection and Adaptive Attack Protection, shut down attacks before they can escalate, which is a true game changer for enterprises managing thousands of devices. And by simplifying deployment and policy management, we’re helping organizations stay ahead of threats, lower their total cost of ownership, and maximize the return on their security investments.”
Key benefits for Taegis customers include:
- Lower costs and improved ROI: Sophos Endpoint is now automatically included with all Taegis XDR and Taegis MDR subscriptions, eliminating the need to purchase a separate endpoint security solution.
- Vendor choice preserved: Taegis remains an open platform, allowing organizations to continue using their preferred endpoint solution.
- Industry-leading protection: A 16-time leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms, Sophos Endpoint provides unmatched defense against ransomware and other advanced threats, with features such as CryptoGuard and Adaptive Attack Protection, accessible directly from the Taegis console.
- Workflow continuity: Telemetry and detections from Sophos Endpoint are ingested into the Taegis platform, allowing customers to retain existing detection and response workflows.
- Simplified management: Customers can download, install and manage Sophos Endpoint directly from Taegis.
To support a range of environments, customers can now choose between three deployment options for endpoint protection:
- Sophos Endpoint: Natively integrated for comprehensive prevention, detection, and response in a single agent.
- Non-Sophos native integrations: Telemetry ingestion ensures full visibility from products such as CrowdStrike, Microsoft Defender, SentinelOne and Carbon Black by Broadcom.
- Other non-Sophos endpoint security solutions: Supported through a detection only sensor deployment option.
“This integration expands the value and flexibility we deliver to customers and partners,” said Chris Bell, senior vice president of Global Channel, Alliances and Corporate Development at Sophos. “By including Sophos Endpoint in Taegis, organizations gain stronger protection, reduced costs and simplified operations. For partners, it creates new opportunities to help customers consolidate tools, drive renewals and expand enterprise relationships.”
Technology Company, Globacom, has announced significant reductions in its International Direct Dialing (IDD) rates, making international calls more affordable for its existing and new customers across Nigeria.
Effective August 10, the new rates began applying to over 15 popular international destinations, including United States which will has moved to ₦30 per minute, down from ₦35, United Kingdom is now N350 from ₦400, while India also moved down to ₦40 from N45.
The rates for China, Saudi Arabia and Cameroon however recorded major reduction moving to N75, N300 and ₦700 respectively.
The reduction was also extended to African countries including Benin Republic which goes for ₦650 per minute, Niger Republic ₦750, Ghana ₦500, and Togo ₦650. United Arab Emirates also moved from ₦450 to ₦325, Germany to ₦550, Côte d’Ivoire ₦700, Libya ₦700, while calls to Malawi is now N1,100 from ₦1,200.
Glo aims to provide more value for its customers through these revised rates, encouraging them to make Glo their preferred network for international calls. New IDD bundles will also be introduced, offering frequent international callers even more attractive deals.
Globacom, which remained optimistic that frequent international callers will benefit immensely from the reductions in IDD bundles, enjoined customers to take advantage of the new rates to stay connected with friends and business associates across the globe.
Naija Times celebrates 5th anniversary, launches nonprofit arm to promote quality journalism and social impact
One Nigeria: How Governor Mbah is Leading the Azikiwe Dream
Young Artists Chase Dreams at Next Afrobeats Star Lagos Auditions
LASG Acquires New Outboard Engines For Optimum Boat Performance
Elon Musk builds Hotel in Mars, Sets to launch soon at $5million per night – Photos
