
To Pay or Not to Pay: Ransomware repeat victims on the rise

A recent report has identified some alarming statistics about organisations that become victims of ransomware, their decisions on paying the threat actors' demands, and how often they are attacked again.

The "Ransomware: The Cost to Business Study 2024" by Cybereason states that nearly four out of five organisations (78%) that complied with a ransom demand experienced a subsequent ransomware attack, often from the same perpetrator.

Of those organisations becoming a repeat victim, about two-thirds (63%) faced higher ransom demands during the second attack; out of the 78% that suffered a second breach, 36% were targeted by the same threat actor, while 42% were attacked by a different perpetrator.

In total, more than half (56%) of the surveyed organisations encountered multiple ransomware attacks in the past 24 months. The study, based on responses from over 1000 cyber security professionals, revealed that an alarming 84% of organisations opted to pay the ransom after being breached.

However, less than half (47%) of those who paid managed to recover their data and services without corruption, underscoring that paying the ransom typically does not resolve the issue.

The main considerations that victims cited when opting to pay a ransomware demand included:

  • Threat actors threatened to disclose sensitive information

  • They feared loss of business

  • Paying seemed to be the fastest solution

  • It was a holiday/weekend, and they were short-staffed

  • It was a matter of life and death

  • They didn’t have backup files

Staggering business costs of ransomware

The authors of the report identified the inherent problems with paying ransom demands, stating that it does not guarantee data security, full restoration of files and systems, or protection against future attacks.

The study also shed light on the staggering financial impact of ransomware, with nearly half (46%) of victims estimating business losses between $1-10 million, and 16% reporting losses exceeding $10 million.

The average ransom demand for US businesses reached $1.4 million, the highest among the surveyed nations, followed by France (€925,920), Germany (€672,217), and the UK (£334,940).


These findings corroborate research by Arctic Wolf in February 2024, which indicated a 20% increase in median initial ransomware demands to $600,000 in 2023 compared to the previous year.

Despite the risks, only 41% of organisations feel adequately prepared with the right personnel and strategies to handle future attacks. Furthermore, while almost all respondents have cyber insurance, only 40% are confident that it would cover ransomware incidents.

The research also highlighted a shift towards more sophisticated "low-and-slow" ransomware tactics aimed at infiltrating networks extensively for higher ransom payments.

More than half (56%) of cyber security professionals reported a failure to detect breaches for 3-12 months.

The primary methods used by ransomware actors to infiltrate organisations' systems included supply chain breaches (41%), direct infiltration (24%), and insider assistance (22%).



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
