Ransomware Assaults Intensify with Direct Threats Towards Executive Safety

A new report by Semperis, published on July 31, sheds light on the alarming prevalence of ransomware attacks over the past 12 months. According to the survey of 1500 IT and security professionals across multiple industries, a staggering 78% of organizations have been targeted by ransomware.

The report reveals that the recovery time from these attacks varies significantly. Around a quarter (23%) of victims managed to return to normal operations in less than a day, while 58% took between one day and one week. Around a fifth (18%) struggled to get back on track, taking between one week and one month.

The top three ransomware-related business disruptions cited by victims were job losses (62%), data breaches (61%), and the cancellation of cybersecurity services or cyber insurance premiums (46%).

Interestingly, more than half of organizations that paid a ransom demand did so multiple times. In fact, 29% of those firms paid three or more times.

The report also highlighted the use of additional threats by some ransomware groups. For instance, the Chaos ransomware group has been observed using DDoS attacks and spreading news of the incident to competitors and clients. On the other hand, the BlackCat ransomware group reported one of its victims to the U.S. Securities and Exchange Commission (SEC) in 2023. However, the ransomware group that explicitly reported a victim to the SEC was not identified in the available search results.

Threats of filing regulatory complaints were common in around half of ransomware attacks. Ransom payment rates were highest in the US, with 81% of victims paying up.

Follow-up attacks often occurred soon after the original incident. 17% of attacks were simultaneous, 16% happened less than one day later, 37% occurred one to six days later, and 26% took place seven to 29 days following the first attack.

Successful ransomware incidents occurred in 56% of cases, and around three-quarters (73%) of these victims suffered multiple attacks, with 31% being attacked three or more times. However, ransomware payments fell by 35% year-over-year in 2024.

Despite the decline, 69% of ransomware victims still paid a demand. This trend might be influenced by the Securities and Exchange Commission (SEC) four-day disclosure rule.

Organizations in Australia, New Zealand, Italy, Germany, and the UK were most likely to be targeted, with over 81% affected in each of these regions.

Mickey Bresman, CEO of Semperis, advises that paying ransomware actors should not be the default option for victims. He emphasizes the importance of robust cybersecurity measures and incident response plans.

A concerning finding is the use of threats of physical harm to business executives in 40% of incidents over the past 12 months. This underscores the need for comprehensive security measures and a proactive approach to cybersecurity.

The report serves as a reminder of the ongoing threat posed by ransomware and the need for continued vigilance and investment in cybersecurity measures.