
Ransomware is no longer in its heyday. Evolving, AI-driven cybersecurity tools and global law enforcement efforts have seen to that. But that doesn’t mean ransomware is no longer a threat. In fact, in some ways, the danger is greater than ever. While ransomware attacks are less common than they used to be, the consequences of those that succeed are more severe.
Earlier this year, the Ponemon Institute published a study revealing massive changes in the ransomware landscape. Some changes are encouraging, but many more are a real cause for concern. So, without further ado, let’s dive in.
Ransomware Shutdowns Increase
When we think about the consequences of a ransomware attack, being forced to make a ransom payment is understandably often the first thing that comes to mind. What we usually overlook, however, is the fact that many organizations must shut down operations in the wake of an attack – perhaps more often than one might expect.
Throughout 2024, a staggering 58% of organizations hit by ransomware were forced to shut down operations to recover, up from 45% in 2021. The implications of this fact are relatively obvious: if an organization must shut down operations, it loses money. Again, this is reflected in the Ponemon report, with the proportion of respondents reporting a significant revenue loss because of a ransomware attack nearly doubling from 2021 to 2024, from 22% to 40%.
Couple revenue losses with the cost of incident response, legal fines, and ransom payments, and it’s clear that the potential financial impacts of ransomware attacks are, if anything, worse than ever.
Incident Response Times and Costs Fall
More encouraging, however, is that organizations appear to be more efficient at conducting incident response efforts. In 2021, containment and remediation took an average of 190 hours with 14 staff at a cost of $169,910; in 2024, it only took an average of 132 hours with 17.5 staff at a cost of $146,685.
These statistics are perhaps unsurprising; ransomware attackers have been targeting enterprises for over a decade, meaning organizations are getting better at dealing with them. Moreover, AI-driven incident response tools – which have evolved significantly since 2021 – essentially expedite the incident containment and remediation process, sifting through incident logs far faster than human analysts ever could.
Paying Up Doesn't Pay Off
It should be common knowledge by now, but meeting ransomware demands is rarely a good idea. Of the 51% of victims that paid the ransom, only 13% recovered all data, 40% still had their data leaked, and 32% faced further extortion attempts. Again, these statistics are unsurprising: just last year, Change Healthcare made a $22 million ransomware payment and received nothing in return. With 2025 well underway, we should all take this lesson to heart: paying up doesn’t pay off.
Reasons for Refusing Ransoms
That said, we shouldn’t ignore the 49% of organizations that refused to pay the ransom. That’s not an insignificant number. The reasons those organizations gave for not paying ransom are even more encouraging and show that, at the very least, attitudes to ransom payments are heading in the right direction. They were:
Data wasn’t critical (49%)
Effective backup strategy (48%)
Company policy against paying (47%)
Lack of trust in attackers providing a valid decryption key (46%)
Law enforcement advice (40%)
Organizations are Reluctant to Report Incidents
Unfortunately, despite efforts to the contrary, ransomware victims are still highly reluctant to report incidents to law enforcement. Reporting ransomware attacks significantly improves the chances of disrupting cybercriminal operations, preventing further attacks, and recovering from an incident; it is, to put it mildly, a shame that so few victims feel comfortable doing so.
However, the reasons for not reporting are understandable. 39% of victims cited a fear of publicity as a reason for not reporting an incident. This makes sense when we consider that 35% of organizations reported brand damage resulting from a ransomware attack in 2024, up from 21% in 2021. Other reasons include payment deadline pressure (38%) and fear of retaliation (38%).
Old Attacks, Evolving Tactics
While phishing remains the most common initial attack vector, the ransomware threat landscape has changed somewhat over the past few years. For example, software vulnerability exploitation rose from 16% in 2021 to 19% in 2024, while 52% of respondents reported attackers targeting unpatched vulnerabilities, up from 33% across the same period.
In terms of pressure tactics, data exfiltration came out on top (47%), closely followed by DDoS attacks (45%), data encryption (43%), and disclosing stolen data to customers and stakeholders (34%).
How Fortra Can Help
Fortra Ransomware Defense can help you mitigate the risk of ransomware attacks in 2025. It consolidates data protection, vulnerability management, digital risk protection, offensive security, secure file transfer, employee awareness training, and email security to provide everything your organization needs to ward off ransomware actors and avoid becoming a statistic.