Majority of Organizations Who Paid Ransom Demand Attacked Again

Written by Anthony M. Freed
Published on Jun 3, 2025

A new study highlights the significant risks associated with paying ransomware demands, InfoSecurity Magazine reports. Researchers found that 80% of organizations that paid a ransom experienced a second attack, with 68% of these subsequent attacks occurring within a month and often involving higher ransom demands.

The financial and operational impacts of ransomware attacks are substantial. Approximately 66% of affected organizations reported revenue losses, 53% suffered reputational damage, and 31% had to suspend operations temporarily or permanently. Additionally, 35% experienced C-level resignations, and nearly 40% laid off staff as a direct consequence of the attacks.

The study also found that 84% of businesses that paid the ransom did not recover their data fully intact, with only 47% regaining uncorrupted data and services. Furthermore, 60% of organizations admitted that attackers had been present in their networks for up to six months before detection, indicating a need for improved threat detection and response strategies.

Takeaway: The lesson for organizations is that paying the ransom isn’t an easy reset button. The study makes it painfully clear: 80% of organizations that paid up got hit again, often by the same crew. It’s not just about the money—it’s the signal you’re sending. And that signal? It could put a target on your back.

Even if you do pay and the criminals provide a decryptor, that’s not the end of your problems—it’s just the beginning.  

Decryptors are rarely plug-and-play. They’re slow, unreliable, and often corrupt the very data you’re trying to recover. You’re looking at weeks of manual work to get systems back online—if you’re lucky.  

And that’s assuming the decryptor even works in the first place. Many orgs only recover partial or broken data. So, you paid a ransom, and now you’re rebuilding from scratch anyway.

Paying doesn’t guarantee recovery. It doesn’t guarantee safety. It just guarantees that you’re now on the repeat-customer list for a criminal enterprise.

If you think paying buys you a way out, you’re not looking at the full cost. Prevention, resilience, and a solid response plan are cheaper—and smarter—than rolling the dice with extortionists.

 

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.
