Barracuda: Fragmented Security Leaves Companies Open to Ransomware

About three out of 10 companies victimized by ransomware over the past 12 months were hit at least twice, with many of those organizations saying they’re juggling too many security tools that don’t integrate well, leaving them vulnerable to attacks, according to a Barracuda Networks report released last week at Black Hat USA 2025.

Barracuda and research firm Vanson Bourne surveyed 2,000 IT and security decision-makers from North America, Europe and Asia-Pacific, and found that fragmented and complex security defenses are making organizations attractive targets for cybercrime groups in a rapidly evolving and growing ransomware landscape.

“Ransomware is an escalating threat, powered by its ability to evolve and adapt to a changing security landscape,” Barracuda wrote in a blog post. “Organizations around the world continue to fall victim to ransomware, often repeatedly, and the impact of these attacks can be devastating.”

The problems keep piling up on security teams trying to manage a strong defense, according to the Campbell, California, company.  

“Too many victims are struggling with an unmanageable number of security tools, while under-investing in key areas that could keep them safe,” the vendor wrote. “And too many victims continue to feel they have no choice but to give in to attackers’ demands for payments, despite a significant proportion never recovering all their encrypted data.”

Lacking Protections

The numbers tell the story. Fewer than half of ransomware victims had an email security solution in place, compared to 59% of non-victims. This is a problem given how ransomware groups tend to target email in their attacks, with 71% of organizations whose email was breached also hit with ransomware.

Once hit, 32% of victims paid the ransom to attackers to recover or restore their data. The number jumped to 37% among companies that were victimized multiple times by ransomware. The problem is that 41% of those who paid a ransom never recovered all of their data.

“There can be several reasons for this,” Barracuda wrote. “The decryption tools provided by the attackers may not work, or they’ve only shared a partial key. Files can be damaged during the encryption and decryption processes, and sometimes the attackers take the ransom and don’t provide any decryption tools.”

The Ransom Payment Debate

The question of whether to pay ransom is highly debated. Law enforcement agencies like the FBI and many cybersecurity vendors urge companies not to. Not only do many of those who pay never get to recover their data, but ransomware groups tend to publicize what companies pay, opening them up to further attacks by the same or different bad actors.

“When dealing with ransomware or any other cyberattack, it’s never a good idea to give in to hackers’ demands,” Dale Shulmistra, data protection specialist with Invenio IT, wrote in May, noting the FBI’s warning. “Ransomware attacks are a serious crime, and the act of paying the bad actors only supports their criminal activity (and the industry behind it).”

That said, some organizations argue that they need to get their data back quickly, with the fastest avenue being to pay a ransom and hope that it works.

“In the majority of cases, the determination of whether or not to pay a ransom is a business decision,” wrote Jason Baker, managing security consultant for GuidePoint Security. “Decisions of whether to pay ransom should be based on a thorough consideration of viable alternatives, the business impact of degraded operations, an organization’s fiduciary responsibilities, and in considering all applicable legal, statutory, and regulatory considerations.”

The Damage Done

Ransomware can have a ripple effect on a business that is the victim of an attack, according to Barracuda’s study. Of those surveyed, 41% of victims said their reputations were damaged and 25% said they lost new business opportunities. In addition, attackers raised the pressure to pay, with 22% saying their partners, shareholders, and customers were threatened by the threat actors and 16% saying their employees were targeted with threats.

The attacks themselves are becoming increasingly multidimensional. About 24% of ransomware incidents involved data encryption, while 27% said the attackers stole and published data. In addition, 29% said the bad actors infected devices with other malicious payloads and 21% said backdoors were installed for persistence.

The Threat Grows

This comes as the number of ransomware attacks continues to surge. Cybersecurity firm Cyble said that in the first five weeks of the year, its researchers documented 378 attacks in the United States – by far home to the largest number of targeted companies – compared with 152 during the same time in 2024 and up 282 in the last five weeks of last year.

“In 2025, ransomware remains a persistent and lucrative threat, ruthlessly exploiting security complexity and coverage gaps to implement multidimensional attacks for maximum disruption and financial gain,” Barracuda wrote. “Effective protection is not just about being able to prevent successful attacks, but to be able to detect, respond to and recover from incidents. It’s about becoming ransomware resilient.”

What’s needed is an integrated and multilayered approach that includes data protection and backups, access and authentication controls, regular patching, security awareness training, network segmentation, advanced security for email and applications, and an updated and rehearsed incident response plan, the company wrote.

Bring In the MSSPs

Organizations also can turn to an MSSP, according to WeSecureApp, whose services are used to protect applications, networks, and cloud environments.

“MSSPs play an essential role in protecting their clients against ransomware attacks,” the services provider wrote. “By using robust security technologies, developing and implementing a security policy, and educating employees about cybersecurity, MSSPs can help their clients mitigate the risks of these attacks.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
