One in Three Ransomware Victims Hit Multiple Times as Security Gaps Persist

Staff Report From Georgia CEO

Thursday, August 7th, 2025

Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all sized businesses, has released new research showing 31% of ransomware victims were affected multiple times in the last 12 months as gangs exploit ineffective defenses and security fragmentation. The findings are detailed in the Ransomware Insights Report 2025, which also shows that 74% of repeat victims say they are juggling too many security tools, and 61% say their tools don't integrate — disrupting visibility and creating blind spots where attackers can hide.

The report is based on the findings of an international survey undertaken by Barracuda with Vanson Bourne, gathering insights from 2,000 IT and security decision-makers across North America, Europe and Asia-Pacific. The results highlight how ransomware remains a persistent and lucrative threat, ruthlessly exploiting security complexity and coverage gaps to implement multidimensional attacks for maximum disruption and financial gain.

The research shows that:

  • 57% of the organizations surveyed were affected by ransomware, including 67% of those in healthcare and 65% for local government.

  • Ransomware attackers have a one-in-three chance of payout. 32% of ransomware victims paid the attackers to recover or restore data, rising to 37% among organizations affected twice or more.

  • 41% of those who paid a ransom failed to recover all their data. There can be several reasons for this. The decryption tools provided by the attackers may not work, or they've only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don't provide any decryption tools. A good and regularly updated backup offers proven protection against this risk.

  • Many ransomware victims have insufficient coverage in key security areas. For example, fewer than half (47%) of the ransomware victims had implemented an email security solution, compared to 59% of non-victims. This matters because email is a primary attack vector for ransomware: 71% of organizations that suffered an email breach were also hit with ransomware.

  • Ransomware attacks are multidimensional. Just under a quarter (24%) of the ransomware incidents experienced by respondents involved data encryption, while a significant number involved the attackers stealing (27%) and publishing data (also 27%), infecting devices with other malicious payloads (29%), installing backdoors for persistence (21%), and more.

  • The impact crater of a successful ransomware attack is expanding, from reputational harm (experienced by 41%) to tangible business impact such as loss of new business opportunities (25%) and payment pressure tactics that include threatening partners, shareholders and customers (22%), and employees (16%).

"The findings make it clear that ransomware is an escalating threat, and fragmented security defenses leave organizations immensely vulnerable," said Neal Bradbury, chief product officer at Barracuda. "In many cases attackers can move through victims' networks, gaining access to devices, data and more without being detected and blocked. Too many victims are juggling an unmanageable number of disconnected tools, often introduced with the best intentions to strengthen protection. Tools that can't work together, or which are not configured correctly, create security gaps and lead to breaches.  A unified approach to security centered on a strong integrated platform is vital."