'An Ever-Present State Of Threat': 2024 Ransomware Report

Ransomware is ramping up and walloping businesses, according to recent studies, with some targeted repeatedly.

Cybersecurity company Semperis teamed up with research firm Censuswide to create a report on the current state of ransomware and the news is bleak.

According to the 2024 Ransomware Report, ransomware remains a critical business threat. Companies are targeted not just once, but often several times.

In a study involving 900 IT and security professionals across the U.S, UK, France, and Germany, the report details how pervasive ransomware is.

A few key takeaways:

Seventy-four percent of those surveyed said they were victimized by ransomware within the last 12 months, with many saying attacks happened within the span of one week.

Seventy-eight percent said they paid the ransom, with 72 percent saying they paid ransom multiple times.

Eighty-seven percent said the attacks disrupted business. Thirty-three percent said they suffered data loss, and 33 percent had to take their systems offline.

Thirty-five percent of organizations that paid ransom, did not receive decryption keys or were otherwise unable to access their digital assets.

Another study, from Rubrik Zero Labs, mirrors the ransomware risks. That study revealed that "60 percent of IT and security leaders reported they are extremely or very concerned about their organization's ability to maintain business continuity during a cyberattack."

"In 2024, ransomware no longer has an awareness problem; countless incidents across industries like healthcare, financial services, transportation, and more have made ransomware a focal point on many occasions. What requires increased awareness is the resilience problem organizations and security leaders now face in protecting their critical operations," said Arvind "Nitro" Nithrakashyap, co-founder and CTO of data security company Rubrik, in a statement.

"It is paramount that organizations can identify and investigate threats against business-critical data early to better their chances of complete recovery. If all organizations take the road of cyber resilience, we'd be one step closer to securing the world's data," Nithrakashyap added.

More troubling news from Semperis' report – 88 percent of U.S. companies hit with ransomware paid up to $600k in ransom, and 12 percent paid more than that. In the UK, up to 92 percent of ransomware victims, paid about half a million pounds, and eight percent paid more.

"The cost of the ransom payment is not the sum total of the actual damage," said Semperis CEO Mickey Bresman in a statement. "Certain attacks aren't money-driven; rather they are aimed at causing chaos and disruption. In addition, the money that you pay is being used for other criminal activities, like human trafficking, drugs, and weapons."

"We must assume an ever-present state of threat. This is not just the notorious cases that we hear about every quarter or so. This is happening all day, every day, to a range of companies," said Chris Inglis, strategic advisor at Semperis, and the first U.S. National Cyber Director, and former deputy director of the U.S. National Security Agency.