More than three-in-ten ransomware victims are being hit multiple times, thanks to ineffective defenses and security fragmentation.
According to Barracuda Networks' Ransomware Insights Report, 57% of organizations fell victim to a successful ransomware attack in the last 12 months, with 31% of victims affected more than once.
A ransom was paid in 32% of cases, rising to 37% among organizations affected twice or more. More than two-in-ten said they'd experienced pressure to make payments through threats to partners, shareholders, and customers, and 16% reported threats to employees.
However, 41% of those who paid a ransom failed to recover all their data, the study noted. Decryption tools provided by the attackers don't always work, or only a partial key may be provided.
Meanwhile, files can be damaged during the encryption and decryption processes - or, sometimes, the ransom is paid but decryption tools aren't supplied.
Many ransomware victims lack basic security, with only 47% using an email security solution, for example, compared with 59% of non-victims. More than seven-in-ten organizations that suffered an email breach were also hit with ransomware.
“The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable,” said Neal Bradbury, chief product officer at Barracuda.
“Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can’t work together, or which are not configured correctly, create security gaps and lead to breaches."
Just under a quarter of the ransomware incidents reported involved data encryption, while 27% saw the attackers stealing and publishing data. Hackers infected devices with other malicious payloads in 29% of cases, and installed backdoors for persistence in 21%.
Ransomware attacks are getting worse
The impact of a successful ransomware attack is also growing. Around four-in-ten victims said they'd suffered from reputational harm, with a quarter reporting tangible business impact and a similar number saying they'd lost new business opportunities.
Similarly, around a quarter of the ransomware incidents reported involved the encryption of data, locking endpoints and data theft.
Attacks also featured lateral movement across the network, the infection of multiple endpoints, the installation of additional malicious payloads, privilege elevation, and embedding backdoors and other persistence mechanisms.
To make it harder for victims to restore their data without paying, around one in five attackers accessed and wiped backups and deleted shadow copies of files.
“In many cases attackers can move through victims’ networks, gaining access to devices, data and more without being detected and blocked," said Bradbury.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- 75% of UK business leaders are willing to risk criminal penalties to pay ransoms
- The ransomware boom shows no signs of letting up
- The ransomware groups worrying security researchers in 2025
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Will businesses get lost in AI translation?In-depth Multilingual AI tools can now pick up the phone to customers – but the jury is out on whether they will and should replace humans
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victims
News The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
