Ransomware: Majority of Victims Who Paid Ransom Suffered Multiple Attacks

Published on
September 4, 2024

A recent survey of nearly 1,000 IT and security professionals reveals a troubling surge in successful ransomware attacks, with many organizations falling victim to repeated assaults.  

Over the past year, numerous organizations experienced these attacks with alarming frequency, often within just days of each other, Insurance Journal reports.  

According to the findings, 74% of respondents who faced ransomware attacks in the last 12 months were hit multiple times, with some enduring multiple attacks in the span of a single week.  

The financial toll is staggering: 78% of targeted organizations opted to pay the ransom, and of those, 72% made multiple payments. A concerning 33% of respondents reported paying a ransom four or more times.

Even more disturbing is the aftermath. In 87% of cases, attacks led to significant business disruption, whether or not a ransom was paid. This included data loss, prolonged system downtime, and in 16% of cases, situations that posed life-or-death consequences.

As well, 35% of victims who paid the ransom never received functional decryption keys, with some receiving keys that were corrupted or unusable, compounding the damage.

Takeaway: The findings in this study echoed a similar report conducted a few months earlier by Halcyon. The Halcyon report detailed the substantial impact of ransomware and data extortion attacks on businesses over the previous 24 months.  

According to the Halcyon Ransomware and Data Extortion Business Risk Report, one in five (18%) respondents had experienced a ransomware infection 10 or more times during that period, another 18% were infected between 5 and 9 times, and 30% faced between 2 and 4 attacks.

Data exfiltration had become a nearly universal component of major ransomware attacks. Nearly two-thirds (60%) of respondents reported that sensitive or regulated data had been exfiltrated from their organization, with more than half (55%) stating that attackers demanded an additional ransom to prevent the stolen data from being leaked.  

Furthermore, 58% of victims noted that the loss of sensitive data put their organizations at increased risk of regulatory action and lawsuits. The study also highlighted a significant disconnect between an organization’s perceived and actual ability to prevent and recover from ransomware and data extortion attacks.  

A striking 88% of respondents expressed confidence that their existing security measures could block an attack before a ransomware payload was delivered, and 85% believed they could swiftly restore operations after an attack. However, more than one in three (36%) were infected five or more times over the two-year span.

Additionally, 62% of organizations impacted by ransomware reported significant disruptions to their operations, with 38% stating that the disruptions lasted anywhere from two to over six months.  

These findings underscored the overconfidence many organizations had regarding their ability to defend against and recover from ransomware. Other notable findings in the report included:

  • All organizations hit by ransomware had been running some form of prevention tools at the time of the attack.
  • Of the organizations that opted to pay the ransom, 78% reported that the attackers failed to provide a decryption key, or the data was corrupted upon decryption.
  • 59% of respondents said their organization spent over $1 million on incident response alone.
  • More than half (57%) believed the attacks would have a lasting negative impact on their operations, competitiveness, profitability, or overall viability.
  • Among organizations with cyber insurance, 39% reported significant premium increases following a ransomware attack, while 28% saw moderate increases.

These findings made it clear that despite the tools and confidence many organizations possessed, the reality of defending against ransomware remained a formidable challenge.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.