Vast Majority Who Pay Ransom Demand Still Cannot Recover Data
A recent survey reveals that fewer than 20% of companies that pay ransom demands after cyberattacks recover all their data, challenging the perception that paying is an effective solution.
The report found that 1 in 10 businesses that paid ransoms experienced data leaks despite payment, CyberNews reports. Companies often pay ransoms—sometimes in the hundreds of thousands of dollars—to protect customer data or recover files, especially if they lack adequate backups.
However, the report warns that “paying up rarely pays off.” Beyond financial losses, the reputational impact of cyberattacks is severe. Nearly half of businesses struggle to attract new clients after a publicized attack, while 64% report losing existing customers or partners.
The frequency of attacks is alarming: the average business experiences 60 cyber incidents annually, with larger organizations facing over 100. Nearly 70% of U.S. businesses reported an increase in attacks from 2023 to 2024.
The researchers emphasized that inadequate cybersecurity damages customer trust, deters investors, and invites regulatory scrutiny, ultimately threatening growth and revenue.
Takeaway: Given that fewer than 20% of businesses that pay a ransom successfully recover all their data, and 1 in 10 experience data leaks even after payment, the debate over whether organizations should pay ransom demands should be all but dead.
This latest research underscores what other studies have already found: that “paying up rarely pays off,” as ransom payments fail to guarantee data recovery or prevent further attacks.
Yet, experts are still divided on whether businesses should pay ransom demands. Advocates for payment argue it can be the quickest way to regain access to critical data, particularly in cases where human lives or public safety are at risk, such as in hospitals.
Opponents emphasize the risks: paying encourages attackers, fails to guarantee recovery, and increases the likelihood of repeat attacks. For example, many victims who pay are targeted again by the same threat actors, often with higher demands.
While paying a ransom may seem like a short-term fix, it comes with long-term risks:
- No Guarantee of Data Recovery: Only 18% of businesses recover all their data after paying. In some cases, decryption keys provided by attackers are faulty or incomplete.
- Encourages Attacks: Paying ransoms perpetuates the financial incentives driving ransomware attacks, contributing to their rise.
- Increased Vulnerability: Organizations that pay often become repeat targets, as attackers view them as likely to pay again.
Rather than paying, organizations should focus on prevention and resilience – this begins with addressing vulnerabilities, raising awareness, and building a strong cybersecurity posture.
A dedicated anti-ransomware solution fills critical gaps in protection, because every disruptive ransomware attack against a large organization you see in the headlines bypassed mature security programs that included EPP, EDR/XDR, DLP and other controls.
Organizations also need a threat-specific solution to defeat ransomware attacks and prevent the exfiltration of sensitive data.
Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more and check out the Halcyon Attacks Lookout resource site. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.