The State of Ransomware – An overview of Sophos’ 2025 Report
In the first of 3 episodes covering Sophos’ 2025 report ‘The State of Ransomware’, Brian Sibley, VCTO at Espria and Jon Hope, Cyber Security Evangelist at Sophos discuss the findings of this year’s report, and specifically its implications for the UK.
In this episode the team will reveal key findings that cover the scale and impact of ransomware in the UK, including 70% of attacks resulted in data being encrypted and 26% of encryption-led attacks also involved data theft. The team also discuss the report in comparison to the findings of the 2024 report, the trends and shifts in attack tactics and their outcomes. Gain an understanding of the real-world implications for UK businesses across various sizes and sectors.
This podcast episode delves into the complexities of ransomware attacks, highlighting both technological and human factors that contribute to their success. It underscores the importance of a multi-layered defence strategy combining technology, human expertise and education.
Brian and Jon discuss how ransomware attacks are frequently caused by multiple factors, including both technology vulnerabilities and human errors. Exploited software vulnerabilities are the most common cause, accounting for about 32% of successful attacks. These vulnerabilities are usually flaws in software that cybercriminals exploit to execute malicious code. Whereas remote ransomware attacks involve cybercriminals using vulnerable or unmanaged devices within a network to attack other devices that store valuable data. Traditional endpoint protection often fails to detect these lateral attacks.
Human factors also play a significant role in ransomware infiltration. Compromised user credentials, often obtained through social engineering tactics such as phishing, are a common cause. Phishing remains a significant threat vector, relying on human interaction to succeed. Cybercriminals craft highly convincing emails using AI to mimic brand language, tone and logos, making it difficult for users to distinguish legitimate messages from malicious ones.
Organisations face operational challenges such as a lack of skilled cybersecurity personnel, insufficient time to dedicate to security and acceptance of certain security gaps as risks. These challenges underscore the need for adequate resources and comprehensive security strategies.
The podcast emphasises the importance of security data and logs as critical defence tools. Extended Detection and Response (XDR) platforms consolidate security data into a single location for easier analysis. Managed Detection and Response (MDR) services provide 24/7 expert monitoring and analysis, offering a cost-effective alternative to building an in-house team. Integrating data from various tools allows for comprehensive visibility and early warnings.
Backups are crucial for recovery, but cybercriminals often target them first. Integrations with backup vendors can enable monitoring for suspicious changes. The discussion concludes by emphasising that while recovery capabilities are improving, preventing ransomware attacks remains the priority. Early detection through human-led threat hunting, combined with integrated technology tools, and continuous education are key to defending against sophisticated ransomware threats.
Stay Ahead with Expert Insights from Espria
Be the first to hear about our latest podcasts and webinars, where we explore the evolving world of cybersecurity, digital transformation, and IT strategy. Join industry experts, thought leaders, and solution specialists as they share real-world challenges and practical advice to help your organisation thrive.
You may be interested in
The Current Threat Landscape
In the past year, 71% of secondary schools have reported a breach or attack – cyber-attacks are constantly making headlines. In episode 2 of our podcast series our team of experts discuss the evolving threat landscape. You will learn The Espria and Mimecast team also share proactive strategies to enhance your organisation’s cyber security. With budgetary restrictions impacting many education establishments, they often lack the in-house resources to manage their cyber security effectively. The constant monitoring of data, looking for patterns and vulnerabilities to detect and respond to cyber threats is simply not an option…
The 2025 State of Ransomware: Key Insights on Attacks, Costs, and Recovery
Ransomware continues to evolve — and so must our defenses. The State of Ransomware 2025 report from Sophos presents one of the most comprehensive views yet into how organisations around the world are being impacted by ransomware attacks. Based on an independent survey of 3,400 IT and cybersecurity leaders across 17 countries, the report explores how attacks are evolving, the operational weaknesses adversaries exploit, and the human and financial tolls that follow. Whether you’re building a cybersecurity strategy or assessing risk, this year’s findings offer crucial, real-world insights to guide your response. Key Findings from…
Outgrowing your MSP; businesses need a provider that scales with their growth
To stay competitive, business leaders must align with MSPs that deliver strategic value, drive innovation, and support to scale. Now firmly into 2025, it’s becoming clear what the year has in store for the IT landscape. For SMBs, the message is clear: business growth must be matched with smarter, more scalable managed services. The demand for cyber-resilient, cloud-first and AI-integrated solutions is no longer a forecast – it’s a reality already shaping business priorities. According to leading global technology market analyst firm Canalys’ MSP Trends 2025 report, the MSP model is transforming under growing pressure…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlights a critical moment for IT resilience planning The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be. In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining…
UK SMEs must fortify their cybersecurity against geopolitical risks, says Espria
A recent Sky News investigation highlighted an uptick in cyberattacks tied to the Iran conflict that are targeting businesses across multiple sectors. Speaking at the NATO Summit, Prime Minister Sir Keir Starmer urged UK businesses, regardless of size or sector, to prioritise cybersecurity and ‘take immediate steps to review and strengthen their defences.’ While the warning is timely in tone, businesses are already becoming targets of politically motivated cyberattacks, emphasising the need for heightened vigilance. “As tensions spread globally, threat actors will continue to exploit digital vulnerabilities, and neutral businesses may be caught in the…
Understanding Human Risk in the Education Sector
Why is the education sector such a major target for cyber criminals? What makes the sector so exploitable? What are the risks of your data being stolen? In 2024, human risk surpassed technology gaps as the biggest cyber security challenge. Human error contributes to 95% of data breaches. Are you aware that educational institutions are more likely to identify cyber security breaches or attacks compared to the average UK business? For instance, 71% of secondary schools have reported a breach or attack in the past year, which is indicative of the widespread nature of these…