top of page

"Understanding the Persistence of Ransomware: Identifying Key Risk Factors"

Ransomware, the ever-persistent cyber threat, continues to plague organizations worldwide despite increased awareness, enhanced security measures, and international efforts to combat cybercriminal operations. In a digital landscape where every organization is a potential target, the need for vigilance and proactive security measures has never been greater.

A recent international study conducted in 2022 revealed a disconcerting statistic: approximately 73% of surveyed organizations reported falling victim to at least one successful ransomware attack. This high victim count is partly attributed to the accessibility and affordability of ransomware-as-a-service offerings, which have made ransomware attacks accessible to a broader spectrum of cybercriminals.

However, the study uncovered an equally alarming trend—38% of organizations experienced repeat ransomware attacks in 2022. This means they were struck twice or more by either the same or different ransomware threat actors. This recurring threat poses substantial risks, raising questions about the potential consequences of multiple attacks on organizations that may still be grappling with the aftermath of previous incidents.

Factors Contributing to Repeat Ransomware Attacks

To better comprehend the factors placing organizations at risk of repeat ransomware attacks, we must consider various elements, including:

  1. Inadequate Security Measures: The study highlighted that 69% of ransomware attacks originated from malicious emails, often in the form of phishing attempts designed to steal credentials for network breaches. Web applications and web traffic also emerged as significant points of vulnerability. To mitigate these risks, organizations must bolster their security measures to include robust email protection and address vulnerabilities in their web presence.

  2. Insufficient Incident Response: The fact that multiple successful attacks can occur suggests that security gaps persist even after the initial incident. Reasons for this may include a lack of comprehensive security controls, incident response capabilities, and the sophistication and stealth of attackers. Backdoors and persistence tools left by attackers may go unnoticed, creating ongoing vulnerabilities.

  3. Ransom Payment: Surprisingly, organizations hit multiple times were more likely to admit to paying ransoms to recover encrypted data. This willingness to pay ransoms can attract further attacks, as cybercriminals target known payers, banking on the victim's reluctance to lose valuable data.

  4. Cyber Insurance: The study found that organizations with cyber insurance were not immune to ransomware attacks, with 77% reporting successful attacks. Cybercriminals might specifically target insured organizations, believing that insurers will cover ransom costs. Moreover, organizations affected by multiple ransomware attacks were more likely to have cyber insurance in place (70%).

Defending Against Ransomware

The study indicates that some organizations may underestimate their vulnerability to ransomware. Only 27% of surveyed organizations felt underprepared to tackle a ransomware attack. To enhance ransomware defense, the security industry must deploy comprehensive security technologies such as AI-powered email protection, Zero Trust access measures, application security, threat hunting, extended detection and response (XDR) capabilities, and effective incident response.

For actionable steps to bolster ransomware protection, consider referring to our guide: "Don't Pay the Ransom – A Three-Step Guide to Ransomware Protection." This guide includes a downloadable ransomware protection checklist to help organizations get started on their path to improved cybersecurity.

For detailed insights from the research, explore the 2023 Ransomware Insights report, which sheds light on the state of ransomware threats and their impact on organizations.

The survey, conducted on behalf of Barracuda by independent research firm Vanson Bourne, polled IT professionals across a range of industries in the U.S., EMEA, and APAC countries, encompassing organizations with 100 to 2,500 employees, from frontline to senior roles.

3 views0 comments

Recent Posts

See All


bottom of page