About a third (31%) of ransomware victims were affected multiple times in the last 13 months as gangs exploit ineffective defences and security fragmentation.
This is according to the Ransomware Insights Report 2025 from Barracuda Networks, Inc, which also shows that 74% of repeat victims say they are juggling too many security tools, and 61% say their tools don’t integrate – disrupting visibility and creating blind spots where attackers can hide.
The report is based on the findings of an international survey undertaken by Barracuda with Vanson Bourne, gathering insights from 2,000 IT and security decision-makers across North America, Europe, and Asia-Pacific. The results highlight how ransomware remains a persistent and lucrative threat, ruthlessly exploiting security complexity and coverage gaps to implement multidimensional attacks for maximum disruption and financial gain.
Over half (57%) of the organisations surveyed were affected by ransomware, including 67% of those in healthcare, and 65% for local government.
Ransomware attackers have a one-in-three change of a pay out, the research found, as 32% of victims paid the attackers to recover or restore data, rising to 37% among organisations affected twice or more.
However, 41%of those who paid a ransom failed to recover all their data. There can be several reasons for this. The decryption tools provided by the attackers may not work, or they’ve only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don’t provide any decryption tools. This highlights how important it it so have have a good and regularly updated backup.
Many ransomware victims have insufficient coverage in key security areas. For example, fewer than half (47%) of the ransomware victims had implemented an email security solution, compared to 59% of non-victims. This matters because email is a primary attack vector for ransomware: 71% of organisations that suffered an email breach were also hit with ransomware.
Just under a quarter (24%) of the ransomware incidents experienced by respondents involved data encryption, while a significant number involved the attackers stealing (27%) and publishing data (also 27%), infecting devices with other malicious payloads (29%), installing backdoors for persistence (21%), and more.
Recommended reading
The impact crater of a successful ransomware attack is expanding, from reputational harm (experienced by 41%) to tangible business impact such as loss of new business opportunities (25%) and payment pressure tactics that include threatening partners, shareholders, and customers (22%), and employees (16%).
“The findings make it clear that ransomware is an escalating threat, and fragmented security defences leave organisations immensely vulnerable,” said Neal Bradbury, chief product officer at Barracuda.
“In many cases attackers can move through victims’ networks, gaining access to devices, data and more without being detected and blocked.
“Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can’t work together, or which are not configured correctly, create security gaps and lead to breaches. A unified approach to security centred on a strong integrated platform is vital.”
