New research has found that 31% of ransomware victims suffered multiple attacks in the last 12 months, highlighting the ongoing challenge presented by security fragmentation and ineffective defences in organisational IT environments.
The Ransomware Insights Report 2025, published by Barracuda, draws on a survey of 2,000 IT and security decision-makers from North America, Europe, and Asia-Pacific, carried out by research firm Vanson Bourne. The findings demonstrate that ransomware remains both a frequent and financially motivated threat, able to exploit the weaknesses and complexity of existing security infrastructure.
Repeat attacks
Of the organisations that have experienced ransomware incidents in the past year, almost a third reported being targeted more than once. Among these repeat victims, 74% indicated that they are currently managing an excessive number of security tools, creating significant challenges in effective oversight. A further 61% reported that their tools do not integrate well, impeding overall visibility and forming blind spots where cybercriminals can operate.
The healthcare and local government sectors have been particularly affected, with 67% and 65% respectively reporting ransomware attacks. Overall, 57% of all respondents said their organisations had fallen victim to at least one ransomware attempt in the last year.
Financial impact
Ransomware attackers continue to generate significant returns, with the survey revealing that 32% of organisations paid a ransom to recover or restore data. The figure rises to 37% among those affected by multiple attacks. However, the data also shows that paying a ransom does not guarantee a full recovery, as 41% of organisations that paid did not recover all their data.
There are various explanations for the low success rates following payment. The report notes, “The decryption tools provided by the attackers may not work, or they’ve only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don’t provide any decryption tools. A good and regularly updated backup offers proven protection against this risk.”
Security vulnerabilities
The report points to significant deficiencies in email security, with less than half (47%) of ransomware victims having implemented an email security solution, compared to 59% of organisations that were not targeted by ransomware. This is of particular concern given that 71% of those who suffered an email breach also went on to experience a ransomware incident.
The methodology underpinning the research involved surveying senior security decision-makers with responsibility for IT and business functions in organisations sized between 50 and 2,000 employees, spanning industries in the US, UK, France, Germany, Austria, Switzerland, Belgium, the Netherlands, Luxembourg, the Nordics, Australia, India, and Japan.
Complex attacks
The report finds that ransomware attacks often involve multiple methods and objectives. Only 24% of reported incidents were limited to encrypting data, while 27% involved both stealing and publishing data, 29% included the installation of other malicious payloads, and 21% saw attackers install backdoors for persistent access.
The impact of successful ransomware incidents has grown. 41% of affected organisations reported reputational harm, while a quarter suffered the loss of new business opportunities. Attackers are also using payment threats directed at business partners, shareholders, customers (22%), and employees (16%) to increase pressure on victim organisations.
Security integration challenges
Neal Bradbury, Chief Product Officer at Barracuda, said the findings raise considerable concern regarding the scalability and integration of security tools currently in use:
“The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable. In many cases attackers can move through victims’ networks, gaining access to devices, data and more without being detected and blocked. Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can’t work together, or which are not configured correctly, create security gaps and lead to breaches. A unified approach to security centered on a strong integrated platform is vital.”
The data presented in the report highlight ongoing challenges as ransomware groups refine their methods, with security complexity and insufficiently coordinated toolsets providing opportunities for repeated incidents and significant business risk. The report underscores the importance of consistent and unified security practices for organisations looking to reduce their exposure to ransomware attacks.
