Nearly one-third of companies that suffered a ransomware attack paid a ransom four or more times in the past 12 months to regain access to their systems, according to the 2024 Ransomware Risk Report released Tuesday by Semperis, a cybersecurity software company.
This decision to pay multiple times involved 32% of attacked companies in France, Germany, the U.K. and U.S. across multiple industries, according to the survey of 900 IT and security executives.
Nearly half of the German companies queried made four or more ransom payments, compared to one-fifth of companies in the U.S.
More than a third of companies that paid the extortion demand either did not receive the decryption keys from attackers or were given corrupted keys, according to the report.
Almost three-quarters of companies said they had endured multiple attacks, and 87% said the attacks had caused some level of disruption. Companies in the U.S. and U.K. were slightly more likely to have experienced a ransomware attack, with 85% in each country reporting such an attack within the past 12 months, Semperis said.
About 75% of those surveyed reported paying a ransom to regain control of their data; about 10% said they had paid more than $600,000.
“Ransomware, once a sporadic menace, has evolved into an unrelenting adversary,” the study, conducted in partnership with Censuswide, said. “Attacks are no longer isolated incidents; they occur incessantly.”
More than 80% of ransomware attacks compromised an organization’s IT identity system, such as Microsoft Active Directory or Entra ID, but 61% of respondents said they don’t have dedicated AD or Entra ID backup systems, according to the report.
Ransomware attacks have evolved from individual bands of actors to “the sum of activities by a loose confederation of groups,” said Chris Inglis, a Semperis adviser and former U.S. National Cyber Director. That means a company often must negotiate with, and pay, more than one attacker.
“Any company that thinks, ‘I’ll just pay my way out,’ is setting themselves up for a harder ride than they might have imagined,” he said.
Companies should assume “a constant breach” posture, according to Semperis, which is based in Hoboken, New Jersey.
Threat actors share information, purchase ready-made ransomware-as-a-service kits, use regulatory fines as leverage and attack industries that were once considered off-limits, the report said.