In 2024, a report by the Ponemon Institute revealed a significant rise in the impact of ransomware on organizations. The study found that 58% of victims had to shut down operations to recover, a marked increase from 45% in 2021. The report also highlighted the growing financial and reputational costs of ransomware attacks, with nearly 40% of victims reporting significant revenue loss and 35% experiencing brand damage. While organizations recovered faster than in previous years, with average remediation times down to 132 hours, the average cost of each attack was still high, amounting to $146,685.
Ransomware payments have remained a common response to attacks, with 51% of organizations paying the ransom demands. Organizations paid mainly to avoid data leaks, to prevent downtime, and because of cyber insurance coverage. However, paying the ransom did not guarantee data recovery. Only 13% of victims reported that all impacted data was restored after the ransom was paid. In many cases, attackers continued to demand further payments, and 40% of organizations still saw their data leaked despite paying the ransom.
The report also examined how ransomware groups are exploiting vulnerabilities to gain access to systems. Phishing remained the most common delivery method for ransomware, used in 45% of attacks, though remote desktop protocol compromises and software vulnerabilities were also common. Over half of organizations reported that cybercriminals targeted unpatched vulnerabilities to achieve lateral movement within their networks, with 52% of respondents saying that attackers took advantage of these weaknesses to escalate their privileges and carry out further attacks. This marks a significant rise from the 33% of organizations reporting similar tactics in 2021.
Despite faster recovery times, the study emphasizes that ransomware attacks continue to pose serious risks to organizations’ operations, finances, and reputations.
With ransomware groups employing increasingly sophisticated methods to breach networks, the report stresses the need for stronger cybersecurity measures, including regular patching, improved backups, and faster incident response. The research underscores that while organizations are learning to recover more quickly, they must invest in better defenses to mitigate the growing and evolving threat of ransomware.