Study shows many companies paid multiple ransoms in the past 12 months. Victims also report that hackers have threatened to physically harm executives and file regulatory complaints against their companies.
HOBOKEN, N.J., July 31, 2025 /PRNewswire/ — Semperis, a provider of AI-powered identity security and cyber resilience, today published results of a global ransomware study of nearly 1,500 organizations in a variety of industries that aims to understand their experience with ransomware over the last 12 months. The study shows hackers are relentless and ransomware is still a global epidemic. In fact, in 40% of attacks, threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand. US-based companies experienced physical threats 46% of the time, while 44% of German firms experienced similar forms of intimidation.
The 2025 Ransomware Risk Report: Essential Guidance for Building Operational Resilience Against Cyberattacks found that 47% of attacked companies in the US, UK, France, Germany, Spain, Italy, Singapore, Canada, Australia and New Zealand reported that hackers threatened to file regulatory complaints against them if they didn’t report the incident. In the US, the rate jumped to 58%, a 23% increase, while in Singapore the extortion threat surged to 66%, a jump of 40% and the highest of any country.
In comparing results from last year’s ransomware study, Semperis found slight decreases year over year in companies paying ransoms. Still, 69% of companies that were victimized by ransomware paid a ransom. Unfortunately, 38% of companies paid multiple ransoms and 11% of companies paid three times or more. In the US, 47% of companies paid ransoms multiple times, while in Singapore 50% of companies paid multiple times.
Former US National Cyber Director and Semperis Strategic Advisor Chris Inglis suggests that now is not the time for companies to get a false sense of security. He says, “Now is not the time for complacency. True regret isn’t knowing what you should have done; it’s not having done what you knew was needed and had the means to do.”
The Ransomware Scourge
Ransomware attacks continue to be highly coordinated, strategically timed and deeply embedded throughout systems before they are executed. This gives multiple attackers access to multiple operational systems — so they can execute multiple strikes. Organizations must be on continual alert, always ready for the success of not one, but multiple breaches.
The findings indicate that ransomware attacks are frequent, with 50% of respondents citing cybersecurity threats as the top threat to business resilience. The top cybersecurity challenge facing organizations is the sophistication of attacks (37%), while next (32%) is attacks against organizations’ identity infrastructure, most commonly Active Directory. Nearly 20% of companies that paid a ransom either received corrupt decryption keys that were unusable or the hackers still published stolen data after stating they would not.
“Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom,” said Mickey Bresman, CEO of Semperis.
What can organizations do to build on successes and increase their resilience against ransomware?
First, organizations should evaluate the security of partners and supply chain vendors as they could be the weakest link. When partners and vendors have access to sensitive systems and data, risk increases. Organizations should also be prepared for changing tactics in ransomware development and deployment and plan regular tabletop exercises to improve ransomware response.
Jen Easterly, the former Director of the Cybersecurity and Infrastructure Agency (CISA) believes there are signs of defenders increasingly winning battles in the ransomware fight with criminal enterprises. “I believe that we can make ransomware a shocking anomaly. And that is the world I want to live in: A world where software vulnerabilities are so rare that they make the nightly news, not the morning meeting. A world where cyberattacks are as infrequent as plane collisions. I do believe we can get there.”
The full ransomware study can be obtained here: 2025 Ransomware Risk Report: Essential Guidance for Building Operational Resilience Against Cyberattacks.
About Semperis
Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ AI-powered technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.
As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world’s biggest brands and government agencies, with customers in more than 40 countries.
Learn more: https://www.semperis.com
Follow us: Blog / LinkedIn / X / Facebook / YouTube
Media Contact:
Bill Keeler
Senior Director, PR & Comms
Semperis
[email protected]
SOURCE Semperis
