More than three-in-ten ransomware victims are being hit multiple times, thanks to ineffective defenses and security fragmentation.
According to Barracuda Networks' Ransomware Insights Report, 57% of organizations fell victim to a successful ransomware attack in the last 12 months, with 31% of victims affected more than once.
A ransom was paid in 32% of cases, rising to 37% among organizations affected twice or more. More than two-in-ten said they'd experienced pressure to make payments through threats to partners, shareholders, and customers, and 16% reported threats to employees.
However, 41% of those who paid a ransom failed to recover all their data, the study noted. Decryption tools provided by the attackers don't always work, or only a partial key may be provided.
Meanwhile, files can be damaged during the encryption and decryption processes - or, sometimes, the ransom is paid but decryption tools aren't supplied.
Many ransomware victims lack basic security, with only 47% using an email security solution, for example, compared with 59% of non-victims. More than seven-in-ten organizations that suffered an email breach were also hit with ransomware.
“The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable,” said Neal Bradbury, chief product officer at Barracuda.
“Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can’t work together, or which are not configured correctly, create security gaps and lead to breaches."
Just under a quarter of the ransomware incidents reported involved data encryption, while 27% saw the attackers stealing and publishing data. Hackers infected devices with other malicious payloads in 29% of cases, and installed backdoors for persistence in 21%.
Ransomware attacks are getting worse
The impact of a successful ransomware attack is also growing. Around four-in-ten victims said they'd suffered from reputational harm, with a quarter reporting tangible business impact and a similar number saying they'd lost new business opportunities.
Similarly, around a quarter of the ransomware incidents reported involved the encryption of data, locking endpoints and data theft.
Attacks also featured lateral movement across the network, the infection of multiple endpoints, the installation of additional malicious payloads, privilege elevation, and embedding backdoors and other persistence mechanisms.
To make it harder for victims to restore their data without paying, around one in five attackers accessed and wiped backups and deleted shadow copies of files.
“In many cases attackers can move through victims’ networks, gaining access to devices, data and more without being detected and blocked," said Bradbury.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- 75% of UK business leaders are willing to risk criminal penalties to pay ransoms
- The ransomware boom shows no signs of letting up
- The ransomware groups worrying security researchers in 2025
-
Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerabilityNews Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
-
Everything you need to know about OpenAI's new open weight AI modelsNews The two open weight models from OpenAI, gpt-oss-120b and gpt-oss-20b, are available under the Apache 2.0 license.
-
Millions of Dell laptops are are at risk thanks to a Broadcom chip vulnerability – and more than 100 device models are impacted
News Widely used in high-security environments, the PCs are vulnerable to attacks allowing the theft of sensitive data
-
Cybersecurity teams are wasting time, money, and effort dealing with tool sprawl and ‘multi-vendor ecosystems’News Tool sprawl is a problem that just won't go away for security teams
-
AI breaches aren’t just a scare story any more – they’re happening in real lifeNews IBM research shows proper AI access controls are leading to costly data leaks
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
Bitdefender targets security gaps with new Cybersecurity Advisory ServicesNews The security vendor has launched a range of new services that include advisory retainers and strategic security guidance
-
‘Polyworking’ is a cybersecurity nightmare waiting to happenNews Particularly popular with Gen Z, so-called polyworking brings huge cybersecurity risks
-
Hackers accessed more data than thought in Legal Aid Agency cyber attackNews Anybody who's applied for legal aid funding since 2007 could have had their personal data stolen
-
Nearly half of enterprises aren't prepared for quantum cybersecurity threatsNews Most businesses haven't even started transitioning to post-quantum cryptography, research shows
