Ransomware: Majority of Victims Who Paid Ransom Suffered Multiple Attacks

Date: September 4, 2024

A recent survey of nearly 1,000 IT and security professionals reveals a troubling surge in successful ransomware attacks, with many organizations falling victim to repeated assaults.  

Over the past year, numerous organizations experienced these attacks with alarming frequency, often within just days of each other, Insurance Journal reports.  

According to the findings, 74% of respondents who faced ransomware attacks in the last 12 months were hit multiple times, with some enduring multiple attacks in the span of a single week.  

The financial toll is staggering: 78% of targeted organizations opted to pay the ransom, and of those, 72% made multiple payments. A concerning 33% of respondents reported paying a ransom four or more times.

Even more disturbing is the aftermath. In 87% of cases, attacks led to significant business disruption, whether or not a ransom was paid. This included data loss, prolonged system downtime, and in 16% of cases, situations that posed life-or-death consequences.

In addition, 35% of victims who paid the ransom never received functional decryption keys, with some receiving keys that were corrupted or unusable, compounding the damage.

Takeaway: The findings in this study echoed those of a similar report issued a few months earlier by Halcyon. The Halcyon report detailed the substantial impact of ransomware and data extortion attacks on businesses over the previous 24 months.

According to the Halcyon Ransomware and Data Extortion Business Risk Report, one in five (18%) respondents had experienced a ransomware infection 10 or more times during that period, another 18% were infected between 5 and 9 times, and 30% faced between 2 and 4 attacks.

Data exfiltration had become a nearly universal component of major ransomware attacks. Nearly two-thirds (60%) of respondents reported that sensitive or regulated data had been exfiltrated from their organization, with more than half (55%) stating that attackers demanded an additional ransom to prevent the stolen data from being leaked.  

Furthermore, 58% of victims noted that the loss of sensitive data put their organizations at increased risk of regulatory action and lawsuits. The study also highlighted a significant disconnect between an organization’s perceived and actual ability to prevent and recover from ransomware and data extortion attacks.  

A striking 88% of respondents expressed confidence that their existing security measures could block an attack before a ransomware payload was delivered, and 85% believed they could swiftly restore operations after an attack. However, more than one in three (36%) were infected five or more times over the two-year span.

Additionally, 62% of organizations impacted by ransomware reported significant disruptions to their operations, with 38% stating that the disruptions lasted anywhere from two to over six months.  

These findings underscored the overconfidence many organizations had regarding their ability to defend against and recover from ransomware. Other notable findings in the report included:

  • All organizations hit by ransomware had been running some form of prevention tools at the time of the attack.
  • Of the organizations that opted to pay the ransom, 78% reported that the attackers failed to provide a decryption key, or the data was corrupted upon decryption.
  • 59% of respondents said their organization spent over $1 million on incident response alone.
  • More than half (57%) believed the attacks would have a lasting negative impact on their operations, competitiveness, profitability, or overall viability.
  • Among organizations with cyber insurance, 39% reported significant premium increases following a ransomware attack, while 28% saw moderate increases.

These findings made it clear that despite the tools and confidence many organizations possessed, the reality of defending against ransomware remained a formidable challenge.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.