More than three-in-ten ransomware victims are being hit multiple times, thanks to ineffective defenses and security fragmentation.
According to Barracuda Networks' Ransomware Insights Report, 57% of organizations fell victim to a successful ransomware attack in the last 12 months, with 31% of victims affected more than once.
A ransom was paid in 32% of cases, rising to 37% among organizations affected twice or more. More than two-in-ten said they'd experienced pressure to make payments through threats to partners, shareholders, and customers, and 16% reported threats to employees.
However, 41% of those who paid a ransom failed to recover all their data, the study noted. Decryption tools provided by the attackers don't always work, or only a partial key may be provided.
Meanwhile, files can be damaged during the encryption and decryption processes - or, sometimes, the ransom is paid but decryption tools aren't supplied.
Many ransomware victims lack basic security, with only 47% using an email security solution, for example, compared with 59% of non-victims. More than seven-in-ten organizations that suffered an email breach were also hit with ransomware.
“The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable,” said Neal Bradbury, chief product officer at Barracuda.
“Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can’t work together, or which are not configured correctly, create security gaps and lead to breaches."
Just under a quarter of the ransomware incidents reported involved data encryption, while 27% saw the attackers stealing and publishing data. Hackers infected devices with other malicious payloads in 29% of cases, and installed backdoors for persistence in 21%.
Ransomware attacks are getting worse
The impact of a successful ransomware attack is also growing. Around four-in-ten victims said they'd suffered from reputational harm, with a quarter reporting tangible business impact and a similar number saying they'd lost new business opportunities.
Similarly, around a quarter of the ransomware incidents reported involved the encryption of data, locking endpoints and data theft.
Attacks also featured lateral movement across the network, the infection of multiple endpoints, the installation of additional malicious payloads, privilege elevation, and embedding backdoors and other persistence mechanisms.
To make it harder for victims to restore their data without paying, around one in five attackers accessed and wiped backups and deleted shadow copies of files.
“In many cases attackers can move through victims’ networks, gaining access to devices, data and more without being detected and blocked," said Bradbury.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- 75% of UK business leaders are willing to risk criminal penalties to pay ransoms
- The ransomware boom shows no signs of letting up
- The ransomware groups worrying security researchers in 2025
-
Getting a grip on digital identityITPro Podcast As AI agent adoption explodes, security leaders will need better identity controls than ever before
-
Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
‘Channel their curiosity into something meaningful’: Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attack
News Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Cyber professionals are losing sleep over late night attacksNews Hackers are biding their time and launching attacks when businesses can’t respond
-
BreachForums founder resentenced to three years in prisonNews A US appeals court vacated his previous sentence and remanded the case for resentencing
-
Jaguar Land Rover says IT disruption set to continueNews The automotive manufacturer is still not fully operational after the recent cyber attack
-
Nearly 700,000 customers impacted after insider attack at US fintech firmNews FinWise, which provides loans on behalf of US financial services firms, revealed a former employee accessed sensitive customer information after leaving the firm.
-
How to check if you’ve been affected by Salesforce attacks – and stop hackers dead in their tracksNews The FBI has issued a fresh advisory over the threat posed to Salesforce customers by two threat groups. Here's how you can stay safe and mitigate any risks.
-
Kids hacking for kicks are causing security headaches at schoolsNews More than half of cyber incidents at schools are caused by students, with some tech-savvy pupils attempting to bypass security and network controls.
